VoIP services are rapidly becoming the bread-and-butter of enterprise voice networks, as roughly 72% of all corporate voice lines shipped by vendors in 2007 were IP-capable. We take a look at a few VoIP service hot topics. Page 14.
■ Is SIP interoperability still a major concern?
■ What should be your biggest VoIP security concerns?
■ Are service providers offering smooth transitions from TDM to VoIP services?


Community roots bolster Linux

At LinuxWorld this week the focus will be on mobility and the latest embedded-Linux gadgets as well as an open source voting demonstration. Page 12.


Data storage companies to watch

Innovative start-ups target flash drives, cloud storage, disaster recovery. Page 16.


No free lunch

VMware’s hypervisor is free, but enterprises will still pay. Page 18.


Your wireless take

Mobile technology proves indispensable in helping Mike Koval and his realtors at Long & Foster to exceed customer expectations, and to improve patient care at Rush University Medical Center. Page 24.


Enterasys-Siemens looks to pry Cisco’s grip

BY JIM DUFFY

By combining with Siemens’ enterprise VoIP group in a deal announced last week, Enterasys Networks has found its sought-after entry into the billion-dollar-company club and given customers of both vendors a reason for hope.

The joint venture, formed by Enterasys parent company Gores Group, is also the latest sign of convergence in an industry where competitors feel they need to get much bigger to have a chance vs. Cisco. A week earlier, Brocade announced plans to buy Foundry Networks for $3 billion in an effort to attack Cisco on the data center front.

Enterasys, which was taken private in 2006 by Gores and has been stuck with just a sliver of the multibillion-dollar Ethernet switch market for years, will be combined with Siemens Enterprise Communications and another Gores holding, SER Solutions, which sells call-center software. Gores and Siemens invested about $550 million in the deal, with Gores taking a 51% stake and Siemens the rest.

The result will be a $5 billion
See Enterasys, page 34



At Black Hat/DefCon, IT security is on trial

BY ELLEN MESSMER

The Black Hat conference and its post-show event, DefCon, promise to poke holes in today’s network technologies, showing malware variants, wireless LAN intrusion/detection problems, rootkit variations and a host of other technologies guaranteed to keep IT executives up at night.

“We’re showing malware we created called Jinx,” says Itzik Kotler, manager of the security operations center at Radware and a presenter at Black Hat, which runs through Aug. 7. Kotler describes Jinx as attack code that can take over machines by using versions of Mozilla’s Firefox browser that pre-date Firefox 3, Mozilla’s latest release. (You might want to upgrade now if you haven’t already.)

JavaScript-based Jinx can index a victim’s hard drive and send back files from Macintosh, Windows or Linux-based machines to the attacker, or turn the computer into a spam machine, he says.

“It’s the first proof-of-concept of such malware, with no code injection, no interfering with the kernel,” Kotler says, adding that the Jinx exploit code will be published for all to see. He hinted that Radware is working on similar Jinx-like malware aimed at Microsoft Internet Explorer.

Why all the effort? “We believe people need to be prepared for this. There’s a popular demand for Web 2.0, but it’s a bad situation in that we’ve given huge power to

See Black Hat, page 44


SPECIAL FOCUS: SECURITY

JERICHO FORUM: VISIONARIES WITH A VISIBILITY PROBLEM

After initial buzz around ‘de-perimeterization,’ group struggles to gain influence. Page 37.

Jericho Forum board member PAUL SIMMONDS wants to build bridges and tear down (fire)walls.

MICHAEL WILLIAMS


ALTERNATIVE THINKING ABOUT POWER AND COOLING:

Take the heat off of your increasing power and cooling costs with the HP BladeSystem c3000. In addition to ProLiant Server Blades, you can add a variety of StorageWorks Storage Blades for a complete solution. The c3000 works almost anywhere by simply plugging directly into a standard power outlet — with no additional cooling requirements.

Technology that helps you avoid risk while helping to reduce costs. How cool is that?

Technology for better business outcomes.

Featuring efficient Quad-Core AMD Opteron™ processors.

To learn more, call 1-888-860-9573 or visit hp.com/go/BeReady76

AMD, the AMD Arrow logo, AMD Opteron, and combinations thereof, are trademarks of Advanced Micro Devices, Inc. The information contained herein is subject to change without notice. © 2008 Hewlett-Packard Development Company, L.P.
■ The Flextune’s portable speakers are designed for the iPod and run on AC power or batteries. See Cool Tools, page 32.

32 Mark Gibbs: Video for memory, a book for faults.

32 Keith Shaw: Three quick gadget hits.
GOOD BAD UGLY

One cheap laptop

A company now is selling what it calls the “world’s cheapest laptop,” which at $130, is not a bad deal. There’s a caveat, however — it has to be bought in bulk, in units of 100.

Venturing elsewhere

Venture funding for network companies took a small dive in the second quarter. There were 401 investment rounds totaling $2.68 billion in the second quarter, according to data provided to Network World by PricewaterhouseCoopers. That’s the lowest dollar amount for network companies in any quarter since 2006.

DNS attack boomerangs

HD Moore has been owned. That’s hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened last week when Moore’s company, BreakingPoint Systems, had some of its Internet traffic redirected to a fake Google page being run by a scammer. Moore says the hacker did this by launching a cache poisoning attack on a DNS server on AT&T’s network that was serving the Austin, Texas, area. One of BreakingPoint’s servers was forwarding DNS traffic to the AT&T server.


A snapshot of how networkworld.com visitors voted on a key networking issue last week:

Will you change the way you use your cell phone, in light of a new warning about possible radiation health risks?

■ Some changes: there’s enough evidence for concern. 35%
■ No changes: the warning is totally bogus. 9%
■ No changes: I’m not concerned that much. 11%
■ I’m thinking about it. 20%
■ I’m getting rid of my cell phone. 25%

Total voters for this poll: 841

Vote and discuss: www.nwdocfinder.com/6031




PEERSAY

In defense of the command-line interface

Re: Cisco PIX is dead (www.nwdocfinder.com/6022):

Why the heck would we ever want to move completely away from CLI? Half the problems we have are that companies attempted to dumb things down for folks so much that they glossed over real issues in hopes of creating a user-friendly GUI.

Give me a black screen and a prompt any day. If you take that away completely then you have something to hide. I got to at least audit what you have me doing in the GUI, and several of the products actually construct what the CLI commands look like while you do it in the other interface.

David O’Berry

Discuss at www.nwdocfinder.com/6022

Data protection

Re: DHS still having trouble handling Top Secret Information (www.nwdocfinder.com/6023):

Richard Stiennon, you are so wrong.

First of all, the technology that you evidently feel is the answer to everything has to be specified, designed, built, used and maintained by human beings. Security awareness, training and education are important at every stage of the development process (for example, managers aware of the risks and control options open to them to ensure adequate security, so that they correctly specify security requirements; making IT people aware of the security aspects of their jobs so they correctly implement and maintain the technical security controls; and making users aware of their responsibilities to use the technical and other security controls properly).

Secondly, how would you propose to secure that part of the information that is not in the form of computer data? Technical controls are important for data security, but what about conversations in person or on the phone, hand-written notes, knowledge in the heads of workers?

If this is all too hard for you, consider this. Do you drive a car? How did you learn? Did your mother explain how to cross the road safely when you were a kid? Did you read the road code to understand the basics of road safety? Did you go through on-road lessons with a driving instructor, followed by a test under controlled conditions? And after you passed the test, did you stop learning and improving? That’s essentially the same education, training and awareness sequence that promotes good information security practices.

Technology is part of the solution, not the whole.

Gary Hinson


Richard Stiennon replies:

DHS has a fixed budget, very little installed security, and an ever-changing user group. What do they spend their money on? A whiz-bang mandatory course for all umpti-bajillion DHS employees, repeated every six months? Or, a managed password control system?

Or as we put the question to the security research team at Gartner several years ago: You have $100 per employee per year to invest in security. Do you spend it on security awareness training or deploying strong authentication in the form of tokens? It was funny because all of the “soft” security guys voted for security awareness training. All of the guys with real-world experience voted for the RSA tokens.

If you are paying attention you might point out that just about everything I do on a daily basis — blogging, advising clients, interviews with press and public speaking — is security awareness training. But that is to wake up decision makers, get them off their duffs and investing in security. That is such a hard task that it would be misguided to ask them to spend money on training Bobby at the front desk not to give credentials to Kevin Mitnick.

Discuss at www.nwdocfinder.com/6023

Router password recovery

Re: Parts of San Francisco network still locked out (www.nwdocfinder.com/6024):

Using router password recovery features is mildly annoying, because it wipes out the configuration for security reasons and you have to rebuild it. That’s fine as long as you’ve got either a backup or decent network configuration documentation — if you don’t, then you’re hosed. If the city’s network administrators don’t have good documentation, or it’s all in one place where one person can trash it, they’ve got serious management troubles, beyond whatever damage this guy may have done.

Bill Stewart

Discuss at www.nwdocfinder.com/6025

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 492 Old Connecticut Path, Framingham, MA 01701-9002. Please include phone number and address for verification.
Apple finally patches dangerous DNS flaw

Apple has at last issued a patch for the DNS flaw considered one of the most dangerous vulnerabilities ever to affect the Internet. The DNS flaw lets an attacker execute a cache poisoning attack, in which traffic to a legitimate domain name is redirected to a malicious one after an attack on a DNS server. The user can type in the correct name for a Web site, but get a fake one instead, which can enable a phishing attack. Apple is among a handful of companies that security experts have said moved much too slowly in reacting to the DNS bug. Other vendors, including Cisco and Microsoft, had patches ready when the existence of the flaw was disclosed on July 8. Apple’s patch, posted late last week, will fix Apple’s implementation of the BIND DNS server in Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4 and Mac OS X Server v10.5.4.
www.nwdocfinder.com/6042


McAfee to buy Reconnex. Looking to expand its range of data protection products, McAfee said it will acquire Reconnex, a maker of data protection appliances and software. McAfee expects to close the $46 million cash acquisition by the end of September and will roll the products into its data protection business unit, where they will be sold under the McAfee Adaptive Protection brand name. Founded in 2003, Reconnex sells software designed to prevent sensitive documents and data from leaving corporate networks. The software indexes and classifies information and then stops it from leaking out of the corporate firewall. The company has a staff of 85 and counts Qualcomm, Medstar Health Systems and Webex among its clients.
www.nwdocfinder.com/6043

Sun’s Q4 profit drops. Sun’s profit dropped sharply for its fourth quarter as the company warned that economic troubles in the United States would mean lower IT budgets and smaller deals. Sun reported a net income of $88 million for its fiscal fourth quarter, compared with $329 million for the same period a year ago. Revenue came in at $3.78 billion, down 1.4% from $3.835 billion a year prior. Sun CEO Jonathan Schwartz said on a conference call that when U.S. Treasury Secretary Henry Paulson announces more bailouts of financial institutions, it will affect demand for IT products. Instead of $100 million product deals, Schwartz expects to see deals in increments as low as $50,000. One of the high points for Sun is its Niagara server line, which Schwartz said continued to have strong growth. For the full year, Sun’s revenue increased just 4%, to $13.88 billion. Net income for fiscal 2008 was $403 million, compared with $473 million in 2007.
www.nwdocfinder.com/6044

Toyota, Sony develop personal transportation robot. Toyota last week demonstrated a Segway-like personal transportation device called the Winglet that is partly based on robotics technology from Sony. The Winglet looks like a slimmed-down version of the Segway and is ridden in a standing position. It can carry an average-sized person a distance of up to 10 kilometers at a speed of around 6 kilometers per hour, according to Toyota. The Winglet is considerably lighter than the Segway but has a shorter range and runs more slowly. Three versions of the Winglet have been developed; the biggest difference between them is size of the handle. The Winglet was developed by a 10-man team that includes five engineers on loan from Sony. Trials will begin later this year.
www.nwdocfinder.com/6045

Motorola buys AirDefense. Motorola is acquiring privately held AirDefense, a wireless intrusion-prevention vendor, to strengthen security for its wireless LAN product line. The deal, expected to be finalized in a few months, gives Motorola’s enterprise division a well-regarded wireless IPS, which uses radio sensors and software that detect, classify, locate and block connections between enterprise WLAN access points and clients and unauthorized wireless devices. AirDefense will continue to be based in Alpharetta, Ga., but will become part of Motorola’s Enterprise Mobility Division. The acquisition of AirDefense is the latest in the wireless and mobile space as Motorola moves to split off its troubled cell phone business. Motorola formed the core of its enterprise mobility division with its $3.9 billion acquisition of Symbol Technologies in 2006.
www.nwdocfinder.com/6046

In-flight cell call ban advances in Congress. A bill that would stifle in-flight cellular calls despite emerging technologies that finally make them feasible is headed for the U.S. House of Representatives. The proposed Halting Airplane Noise to Give Us Peace (HANG UP) Act was approved by the House Transportation and Infrastructure Committee on a voice vote last Thursday. It would make permanent the long-standing ban on such calls by the Federal Aviation Administration and FCC. The next stop for the bill will be the full House, after which companion legislation would have to be passed by the Senate and signed by President Bush. The bill wouldn’t ban Internet access, e-mail or text-messaging.
www.nwdocfinder.com/6047

U.S. sets national emergency responder communications plan. In an effort to help eliminate the dangerous and inefficient hodgepodge of communication and network technology used by emergency response personnel, the U.S. Department of Homeland Security last week released its first National Emergency Communications Plan. The wide-ranging and complicated 83-page NECP is intended to bring together myriad local, state and federal organizations, as well as to standardize network technology that will fill in gaps in the way first responders manage resources and communicate during an emergency. DHS cited the communications failures of the Sept. 11 attacks, the Air Florida crash in Washington, D.C., in 1982 and Hurricane Katrina as examples of disasters that in part could have been better handled by more standardized communications technology.
www.nwdocfinder.com/6048

Renting Telepresence technology by the hour. Indian telecom service provider Tata Communications plans to offer Telepresence services worldwide based on technology from Cisco. In addition to private Telepresence rooms, set up and managed at customers’ premises, the company also plans to offer public rooms in select locations which companies can rent. This cybercafe model is expected to attract companies that do not want to incur the cost of setting up a private, dedicated Telepresence room in their own office. Tata has set up public rooms in Chennai, Bangalore and Bombay, India. It plans to add similar rooms in two other locations in India, and in Boston and London by September, and later in New York. The Telepresence managed service is priced at around $500 an hour.
www.nwdocfinder.com/6049
TECH UPDATE 2.0: Enterprise search dissected

Implementing search in the enterprise presents many more challenges than a standard Web search engine does. Attivio’s Sid Probstein compares and contrasts the two setups.
www.nwdocfinder.com/6036

IDG NEWS WIRE: Hackers learn lock-picking skills

New York’s recent Last HOPE hackers conference offered sessions on lock picking, escaping high-security handcuffs and a lock-picking village.
www.nwdocfinder.com/6037

IDG NEWS WIRE: Children are the future

At a recent conference at MIT, students and educators came from around the world to discuss the uses, benefits and possible improvements for the Scratch programming interface.
Managing an effective workforce

BLOGOSPHERE

■ Who is the face of the IT Pro world?

Randy Muller writes in his All about Microsoft Certifications blog: “Who is the face of the IT Pro world to the corporate environment? Is it the network administrator or the Exchange Administrator? Is it one of the developers or DBA types? Or is it one of the help-desk people — those poor folks who have to go out and fix a computer or assist a user with a problem for the twelfth time. If your company is like most, it is indeed one of the help-desk people who generally assist with a problem first. Which brings me to the MCDST (Microsoft Certified Desktop Support Technician) and the new Vista certifications. There is a need for a help-desk or support technician certification.”
www.nwdocfinder.com/6027

■ Slingbox — really cool on the road.

Brian Egler writes in his SQL Server Strategies blog: “Paying for cable access is worth it to me. I like the consistent high-speed Internet access. I like the HDTV. I like the Fox Soccer Channel, although I seem to have to buy 500 other digital stations just to get that one. But what irks me is that when I am on the road, I am still paying for it, even though I am not there. Wouldn’t it be nice if I could access my cable box on the road? Enter the Slingbox. Now, before we start getting into legal issues, it only allows one remote connection at a time, which makes sense because I can only be in one place at a time. ... So, what has this got to do with SQL Server? Now that Slingbox Player supports Windows Mobile, I am looking forward to upgrading to a smartphone and watching the BBC while running SQL Server 2008 Compact Edition on my cell phone.”
www.nwdocfinder.com/6028

■ Tweets, twits, and the California earthquake.

Network World editor John Cox writes in his blog: “I’ve been reading an MG Siegler post at VentureBeat about how the 140-character Twitter messages (called tweets) began flooding through the Twittersphere within seconds of this week’s earthquake, many of them generated by mobile users with cell phones; about how the Associated Press took 9 entire minutes before posting its first story about what had happened; and about how this is yet another ‘powerful reminder of Twitter’s potential.’ Potential for what, exactly? Here is the first tweet on the L.A. earthquake, sent in its entirety, by ‘Vixy’: “earthquake”.

I guess that can qualify as ‘information,’ but it doesn’t really qualify as ‘news.’”
www.nwdocfinder.com/6030


Network management: IT managers responsible for staffing their departments can no longer rely only on specific certifications and specialized experience when looking to create an IT team that can address business demands and anticipate future needs. Creating such a workforce requires IT managers to inventory the skills their current staff possesses, and identify potential synergies in various roles and responsibilities. Research firm Gartner described the process of assembling such a staff as “building the next-generation IT workforce: focus on synergies” at its Symposium/ITxpo conference last fall. Separately, Foote Partners’ CEO and Chief Research Officer David Foote referred to individuals filling such roles as hybrid IT workers. “Hybrid jobs require IT professionals to sit down at a business meeting and be able to predict and deliver the technology the business will need to meet its goals and go about implementing it,” said Foote late last year during a Network World interview. “The premise of IT/business hybrid roles started at the CIO level. In 2008, you will see it as far down as the $60,000-per-year operations people.” Part of the reason the hybrid is emerging in IT is that the walls between traditionally “siloed” IT disciplines are coming down. Technologies, such as virtualization, and best practice frameworks, such as ITIL, require IT staff to work across the intangible boundaries of the past to deliver optimized IT services. Gartner identified seven synergy skills that can help CIOs build the workforce capable of delivering integrated IT services.
www.nwdocfinder.com/6032

Tech exec: While you can’t really put a dollar value on it, your company Web site is a very important asset. At the very least, the Web site provides a means to disseminate information about your business to people all over the world. You might also use the Web site to sell goods and services, or to encourage a sense of community through forums and portals for partners, customers and employees. As we delve deeper into the era of Web 2.0, corporate Web sites are used to provide a multitude of services. But what would you do if customers began to complain that your Web site is not accessible to people with disabilities who use assistive technology? What if the Web site is peppered with broken links that leave visitors frustrated because they can’t get to the information they want? There’s a new discipline called Web governance that involves crawling through the multitude of pages of a Web site, looking for signs of trouble.
www.nwdocfinder.com/6033
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NEWS  ANALYSIS 


The  need  for  WAN  speed 


Application performance management and WAN acceleration are hard problems to solve and are part of a market segment loaded with vendor mythology from such players as Cisco, Riverbed Technology, Blue Coat Systems, Silver Peak Systems and others. Recently Jim Metzler was the guest for a live Network World chat. Widely known as one of the industry's foremost gurus of WAN acceleration, Metzler is also a sought-after speaker and consultant. He is vice president of Ashton, Metzler & Associates, co-author of Network World’s Wide Area Networking newsletter, and the moderator for the Network & Application Acceleration track at Network World’s traveling event, IT Roadmap. A full transcript of the chat can be found at www.nwdocfinder.com/6039. 

www.tredent.com: Jim, what are the different approaches by the vendors in this market? 

Blue Coat will focus on security and a deep understanding of applications. Riverbed is moving into applying similar technology to what they currently have in the storage space. Foundry comes from a great knowledge of networking and is moving into applications. One of F5’s strengths is its knowledge of applications, but it does not have a background in networking. Cisco is the networking leader and always focuses on how its WAN optimization controllers (WOC) integrate well with the network. Citrix has a broad range of solutions that focus on application delivery — starting with its core presentation server. It is also worth remembering that Citrix is basically a software company and many of its competitors are basically hardware companies. The bottom line to all of this is that I don’t see this market becoming a commodity any time soon. 

Stefan  Gasteiger:  Jim,  I’m  not  deep  into  WAN  acceleration,  but  how  does  it  fit  into 
scenarios  with  heavy  IGA  traffic  or  Notes  replication  traffic? 

WAN acceleration is a very broad topic. Some applications (CIFS traffic that results from server consolidation) scream out for optimization. Other traffic (VoIP) requires QoS so that other traffic (bulk file transfers) does not interfere with it. The bottom line is that there are differing traffic types and they often require differing techniques. 

enric: Are today’s WOC players fitting the real customers’ demands? And how are the service providers approaching this? 

This is also a multi-faceted question. I believe that the WOC players are filling real needs today. I say that in part because the deployment of these appliances is on the upswing. 

The question about service providers is fascinating. I believe that there is a role for service providers. For example, Akamai offers an Internet overlay service today to make the Internet perform more like a private WAN. Other service providers (Orange) will basically install and manage WOCs on your premise. The service providers who win in this space offer planning and design services and develop a deep understanding of the key applications (SharePoint, SAP, Oracle) and understand how to best optimize them. ■ 


ONLINE:  Join  our  next  chat 

Facebook: friend or foe? Social software guru Curt Monash will be on hand to discuss on Aug. 19 at 2 p.m. EDT. The next chat will be Sept. 10 as Fred Wettling talks about IPv6 strategies for the enterprise. 

www.networkworld.com/chat 


InBrief 


HP  closes  in  on  EDS  buy 

Electronic Data Systems stockholders last week overwhelmingly approved the sale of the giant systems integrator to HP, bringing the $13.9 billion deal one important step closer to completion. The move follows the European Commission's July 25 vote to give the deal antitrust clearance. However, HP and EDS must still clear regulatory hurdles in other non-U.S. and non-E.U. jurisdictions, EDS said. If it receives all approvals, EDS expects the sale to close in the third quarter. 

Oracle buys Global Knowledge Software 

Oracle has bought a developer of enterprise software training automation tools. Global Knowledge Software develops tools for building self-service training courses for enterprise software vendors including Oracle, Microsoft and SAP. Oracle, a long-standing GKS customer, used the company’s tools to build its Oracle User Productivity Kit as a complement to its Oracle Tutor software. It plans to provide training content modules for all its application products using GKS tools. Oracle says it will continue to support customers that use GKS tools to train on non-Oracle applications, and hopes to expand this part of the business. The companies hope to close the deal in the third quarter. They did not disclose financial details. Around 130 GKS employees will join Oracle as a result of the deal. 

Yahoo, Intel and HP form cloud computing labs 

HP, Intel and Yahoo are partnering for cloud computing research and education. The trio of computer industry titans are forming the Cloud Computing Test Bed, which they describe as a global, open-source effort designed to promote research on software, data center management and hardware for large-scale, Internet-hosted computing. Partners in the initiative include the Infocomm Development Authority of Singapore, the University of Illinois at Urbana-Champaign, the National Science Foundation and the Karlsruhe Institute of Technology in Germany. The founding members and partners will host six “centers of excellence,” each of which will have a cloud computing infrastructure mostly based on HP hardware and Intel processors. The centers will have 1,000 to 4,000 processor cores and are expected to be up and running later this year for selected researchers from around the globe. 
Community roots bolstering Linux 

Latest evidence to be on display at this week’s LinuxWorld show 


Operating system growth 

Over the past year, Linux has enjoyed faster growth than Microsoft in the number of new operating systems shipped, based on percentage; but Microsoft continues to have the highest volume of overall units. Macintosh client operating-system shipments increased significantly on the back of Leopard. 

Server OS      2006 unit shipments   2007 unit shipments   Percentage growth 
Linux*         2.4 million           2.7 million           +12.5 
Windows*       5.3 million           5.7 million           +7.5 

Client OS      2006 unit shipments   2007 unit shipments   Percentage growth 
Linux*         9.6 million           11.5 million          +19.8 
Windows*       204 million           239 million           +17.1 
Macintosh      6.5 million           10 million            +53.8 

* Paid and non-paid copies. SOURCE: IDC 


BY JOHN FONTANA 

Linux is finding its legs as the foundation of many technologies, and in the process is fueling a feedback loop that is helping accelerate the operating system’s popularity. 

As more and more people contribute from such areas as mobile, data-center power management and real-time technologies, innovations are coming rapid-fire; when those are folded into the Linux kernel, they provide benefits across a wide spectrum. 

For example, data-center power-management features are being tapped to help extend Linux-based mobile devices’ battery life. 

The evidence of the cooperation will be on display at this week’s LinuxWorld conference in San Francisco. (Disclosure: Network World’s parent company IDG operates LinuxWorld.) 

The conference is expected to draw 10,000 attendees to nearly 100 sessions and 200 exhibitor booths. There is also a mini-conference on Mobile Linux; the Linux Garage, which will highlight the latest embedded-Linux gadgets; an installation fest to benefit San Francisco-area schools; an open source voting demonstration; and the annual Penguin Bowl that will pit teams dedicated to mobile Linux and server Linux against each other. 

“When you look at how people use technology — embedded systems, mobile computing, mobile Internet devices, servers, supercomputing — in almost every aspect of technology Linux is emerging as the dominant platform,” says Jim Zemlin, CEO of the Linux Foundation. 

Windows still enjoys healthy unit-shipment leads on servers and client systems, but Zemlin says as Linux use has increased it is fueling a positive feedback loop because of its community development roots. 

“When a Wall Street trading-application developer uses real-time Linux, or when the Defense Department is creating real-time technology for robust, embedded defense systems, that same technology gets contributed back to the Linux kernel, and it might benefit mobile phone developers by offering the tools to create more stability.” 

The feedback loop isn’t new, but Zemlin says it is getting rocket fuel from the growing legions of Linux developers. In the past two years, 3,200 developers have contributed to the Linux kernel, he says. In one year alone, 1,762 unique kernel contributions were logged, and 2,000 lines of code are written every day. The Linux kernel has a release every two and a half months, and a new Linux distribution is released every six months. 

“We are seeing this incredibly unique cross-pollinization of innovation,” Zemlin says. 

Bill Weinberg, an analyst and consultant with LinuxPundit, and the chair of the LinuxWorld Mobile conference, says the discussion goes beyond just Linux as a platform. “We’ve had a lot of hand-wringing around fragmentation in the past,” he says. 

This year, Weinberg has added a track about applications, which historically has been a weak spot for the operating system. “How do you create applications for mobile and embedded Linux, how do you go to market with Linux systems, how are they received by the eco-system, how do [independent software vendors] actually make money with apps, and how do operators roll out new services and deploy apps to support their business models,” Weinberg said. 

Motorola will talk about the LiMo (Linux Mobile) Foundation, which began 18 months ago; and Intel will detail its mobile Atom Processor and Moblin.org, which focuses on creating Internet-centric mobile applications. ■ 


Google, Microsoft woo higher ed with freebies 

BY JOHN COX 

You can think of it as “Schoogle.” 

That would be Google’s laid-back but unflinchingly ambitious plan to woo college and university IT departments into outsourcing not just student e-mail but Web-based productivity applications and calendaring to the search giant. 

A growing number of schools are doing just that. Last week Google announced that 13 new U.S. institutions had signed up for the free, and ad-free, cloud-based services, from the Collin County Community College District in Plano, Texas, to such giants as Ohio’s Kent State University and Indiana University. 

That brings the total number of Google-ized institutions worldwide to about 2,000 since the Google Apps Education Edition program was announced almost two years ago. Google says there now are 1 million active student and faculty users. To promote the idea, Google announced it’s launching in September the “App to School” road trip, a 10-stop tour aboard an “eco-friendly” bus, that will visit schools from coast to coast to talk about Google applications and listen to what students have to say about them. 

Google isn’t alone courting IT departments and, especially, students: Microsoft’s presence, with its Microsoft Live online services, makes the courtship a battlefield. Outfitting students with Windows laptops is no longer enough to ensure their loyalty. To meet and hold a new generation that’s living on the Web, both companies are turning to a new generation of Web applications. Microsoft just released a new, Flash-based front end to Live. 

Google’s education outreach began with Arizona State University, which outsourced its e-mail operation for 65,000 students to Google’s Gmail, giving users a range of services unavailable on the school’s existing e-mail system, for example, 6GB of storage, built-in chat, 

See Campus, page 34 
What are critical issues with VoIP? 

SIP interoperability, VoIP security and service provider offerings explained 


BY  BRAD  REED 

VoIP services are rapidly becoming the bread and butter of enterprise voice networks, as roughly 72% of all enterprise voice lines shipped by vendors in 2007 were IP-capable. Now that companies are definitively moving away from the traditional TDM voice networks and into Session Initiation Protocol-based (SIP) VoIP networks, we examine the VoIP industry’s most pressing issues, including SIP interoperability, TDM-to-SIP transition services and VoIP security issues. 

1. Is SIP interoperability still a major concern? 

As Nemertes Research analyst Irwin Lazar puts it: “It’s more a hindrance than major flaw at this point.” Three years ago, a team of iLab engineers found that while different VoIP vendors could ensure basic connectivity between their SIP-based phones and devices, there also were “significant failure rates” for enterprise VoIP features and standard security parameters. Lazar says that key basic VoIP features such as caller ID, message waiting lights, hold and three-way calling are “pretty well standardized,” but more advanced features such as multiple line appearances, call bridging and intercom still face significant SIP interoperability issues between vendors. 

Jeff Brandt, the general manager of IT infrastructure design and engineering for business processing firm Sutherland Global Services, expresses a similar viewpoint. He says that he has concerns about a lack of SIP interoperability for advanced carrier-level features for his company’s call centers, noting in particular that there are limits to advanced enterprise options that have strong SIP interoperability. Brandt says that his main concerns are features such as interfacing with percent allocation capabilities, as well as general bandwidth capacity concerns for SIP-based systems. 

“In a contact-center space, it’s difficult to predict spikes in the network that are unforeseen,” he says. “After AT&T launches the 3G iPhone, for instance, who knows what that will bring to our call centers? The SIP world has not fully matured yet to handle that kind of flux in traffic.” 

Brandt also says that some companies might experience SIP interoperability problems because SIP is a relatively new technology for a lot of enterprises and IT departments don’t yet have the same familiarity with SIP-based systems as with TDM systems. 

“Everyone understands how TDM works, but in the SIP environment there has to be some more effort to get people to understand how it operates,” he says. 

But Marc Tolbert, the volunteer IT coordinator for Bullitt County Adult & Community Education in Shepherdsville, Ky., says the big SIP interoperability problems are mostly experienced by large enterprises, and small and midsize businesses with more basic VoIP needs will have very trouble-free experiences with SIP systems. 

“Previously a lot of people would experience problems because of a lack of standards, but that was a few years back,” Tolbert says. “When it comes down to it, unless you’re doing something really bizarre and funky with your implementation, you won’t have many problems.” 

2. Are service providers offering smooth transition services to move from TDM to VoIP services? 

The answer seems to be “yes,” as long as the service provider offers SIP trunking services. With the SIP Forum’s ratification of Version 1.0 of the SIPconnect standard earlier this year, the industry for the first time has a standard to define interoperability between IP telephony systems and service-provider VoIP systems. This is important because SIP trunks provide a relatively simple way for locations with IP telephony to communicate with locations that are still using legacy public switched telephone networks (PSTN). 

“Without SIP trunking, if you want to make a call, you’ve got to buy a separate gateway for each location, as well as dedicated circuits,” Lazar says. “With SIP trunking, you can carry calls over an MPLS connection and any conversion has to go on within a service provider’s network.” 

However, Lazar says that SIP trunking services are not universally available and he has heard some complaints from enterprise users about legacy providers that don’t offer much in the way of SIP trunking. 

Randy Young, the vice president of network engineering for managed facility-based VoIP provider Cypress Communications, says that switching to a VoIP network from a TDM network often results in problems such as echo and latency unless the VoIP vendor takes certain steps to ensure that they will have high service quality. 

“When you route calls to a SIP provider, you want to peer directly with their network rather than go directly across the Internet and hop across two or three different networks,” he says. “Personally speaking, we prefer peering to going through an open Internet.” 

Looking forward, Brandt says, service providers have strong incentives to provide smooth TDM-to-VoIP transition services because they want to develop enough trust with businesses so that businesses will eventually let them manage enterprise voice platforms. And while there may be bumps such as latency and echo along the way, Brandt says service providers will only be successful if they can prove trustworthy to enterprise users. 

“The smooth transition to VoIP is going to be slow, but they’re starting to gain some ground,” he says. “At the beginning stages of VoIP, it was kind of an unknown quantity. But now that greater understanding of VoIP is out there, some enterprises are releasing control of their platforms again to the carriers.” 

3. Besides providing a smooth transition from TDM- to SIP-based VoIP, what other advantages does SIP trunking have? 

The biggest advantage is cost savings. “If you’ve got a small office and you’re paying $800 a month for a dedicated T-1 line and a gateway, you can use SIP trunking to move that into the cloud for less money,” Lazar says. 

But it isn’t just about the money — SIP trunking can greatly simplify your network architecture as well. As former Network World blogger Denise Donahue outlined last year, SIP trunks provide the same links for both intra-office calls sent over the WAN and outside office calls sent over the PSTN or even the Internet. 

“The main advantage of SIP trunking is that you don’t have to run additional lines into your main site,” Tolbert says. “By allowing you to trunk into whoever you want to use who has capacity at the other end, it gives you a kind of Vonage-type connection for a business-class customer.” 

VoIP event 

Exactly what is unified communications? What does it encompass? Why do you need it? What's the difference between UC and unified messaging? How will it affect your bottom line? We'll answer these questions and provide enterprise IT managers with practical solutions to understand the UC market, and determine how to plan for UC within their organizations. Attend IT Roadmap: Seattle on Aug. 


VoIP security threats defined 

The top VoIP vulnerabilities, as outlined by VoIP security vendor VoIPShield, are as follows: 

Service availability threats: Denial-of-service attacks, worms and viruses that target IT networks can have crippling effects on VoIP services, as VoIP relies upon real-time communications to work effectively. DoS and virus attacks are "the most significant VoIP security threats due to the possibility of lost revenues, system downtime, lost productivity and unplanned maintenance costs." 

Service integrity threats: These involve hackers directly hooking up to a VoIP system through stolen or guessed user accounts and passwords and using them to obtain sensitive information. Callers on the network could thus unwittingly open themselves up to toll fraud, identity theft and spam attacks by communicating with a hacker over a compromised line. Additionally, VoIPShield says that the connection between VoIP networks and public switched telephone networks (PSTN) will inevitably produce "new vectors of attack and provide opportunities for attacks on PSTN through the VoIP network." 

Eavesdropping: This can occur over VoIP lines when a hacker uses Session Initiation Protocol messages and Real-time Transport Protocol (RTP) packets to directly intercept messages sent over VoIP networks. 


Brandt expresses a similar view, and notes that SIP trunking shrinks the footprint of technologies that enterprises need to the point where IT departments need only a single or dual Ethernet connection instead of the multiple cables and pieces of hardware they would need for a traditional TDM system. And in addition to being good for users, Brandt says that it’s a boon for carriers. 

“Just like with enterprises, SIP trunking lets carriers decrease the overall number of hardware components in their data centers,” says Brandt, whose company relies on Avaya media gateways to support SIP trunking capabilities. 

On top of all this, Lazar notes that SIP trunking gives companies strong call-routing capabilities to send incoming calls to outsourced call centers. Thus, he says, a retail chain can automatically send calls from one of its stores into a call center, cutting down on the amount of labor it uses to answer phones within the store. If the call center doesn’t have the answer to a customer’s question, the call can be easily transferred back to the store for an on-site employee to answer. Tolbert also says that SIP trunks provide a simple and quick way to handle calls coming in through PSTN and SIP systems. 

“When I converted my VoIP system from my traditional system, it took me about 15 minutes,” says Tolbert, who uses VoIP vendor Syspine’s small-business phone system with Microsoft’s Response Point System installed. “And support-wise, I don’t have to do squat with it. I helped train one of the secretaries to manage the entire system, which is something I couldn’t have done with a traditional TDM phone system.” 

4. What should be your biggest VoIP security concerns? 

One of the most common threats to VoIP, some vendors and users say, is a denial-of-service (DoS) attack that takes out a network’s servers. VoIP services will get shut down if a DoS attack successfully overloads company servers with requests. 

“In the VoIP arena, you’re taking voice traffic that used to be separate and is now integrated into IT,” Brandt says. “So you have to have certain things in place to protect yourself from those risks, but you want to be careful to not degrade your quality of service.” 

The most basic element for guarding against DoS attacks is installing a SIP-enabled firewall during network setup to act as the first layer of defense, says Graham Howard, global marketing director at Siemens. Lazar says session border controllers, which are firewalls designed specifically for VoIP systems, can control what packets go over an entire SIP trunk, thus giving businesses a strong tool for blocking packets sent as part of a DoS attack. Indeed, for small businesses, a good firewall can be entirely sufficient for VoIP security needs. Tolbert sends all his intra-office voice traffic over a fiber backbone strung over six different sites, and he only relies on firewall protection to keep his VoIP service up and running. 

“If I was having my SIP traffic go through the Internet, I’d be a lot more concerned about it,” he says. “But since my SIP traffic doesn’t go outside my own little world, that doesn’t worry me too much.” 

For companies that are sending their traffic over the Web, however, Howard recommends investing in a VoIP encryption service that will thwart hackers attempting to tap into company communications. Siemens, for instance, offers a solution that lets users set encryption options on a call-by-call basis, which gives them a notice on their desktop telling them that the encryption service is up and running. 
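The threat sidebar names request floods (service availability) and stolen or guessed accounts (service integrity), and the answer above points to SIP-aware firewalls and session border controllers as the place to block them. As an added example, not code from the article or from any vendor quoted in it, the Python below turns those two threat classes into detection logic over SIP request logs: a per-source sliding window flags a burst of requests, and a second window flags repeated REGISTER authentication failures. The log line format ("<epoch> <src-ip> <method> <request-uri> <status>") and the sample lines are constructed for this example.

```python
"""Sliding-window detection of SIP request floods and REGISTER credential guessing.

Added example; the log format below is constructed, not any product's real format:
    "<epoch-seconds> <source-ip> <SIP-method> <request-uri> <final-status>"
"""
import re
from collections import defaultdict, deque

LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<src>[0-9.]+)\s+(?P<method>[A-Z]+)"
    r"\s+(?P<uri>\S+)\s+(?P<status>\d{3})$"
)

# SIP responses that mean "credentials rejected" (401/407 challenge not satisfied, 403 forbidden).
AUTH_FAILURES = {"401", "403", "407"}


def parse_line(line):
    """Return (timestamp, source, method, status) or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), m["src"], m["method"], m["status"]


def detect(lines, window=10.0, flood_threshold=50, guess_threshold=5):
    """Scan log lines in time order and return a list of (kind, source, count) alerts.

    kind is "sip_flood" when one source sends >= flood_threshold requests of any
    method inside `window` seconds, or "register_guessing" when one source collects
    >= guess_threshold rejected REGISTERs inside the window. Each (kind, source) pair
    alerts once, so a sustained flood produces one alert rather than thousands.
    """
    requests = defaultdict(deque)   # source -> timestamps of every SIP request
    failures = defaultdict(deque)   # source -> timestamps of rejected REGISTERs
    alerted = set()
    alerts = []

    def check(kind, src, timestamps, now, threshold):
        # Drop entries that fell out of the window, then compare what is left.
        while timestamps and now - timestamps[0] > window:
            timestamps.popleft()
        if len(timestamps) >= threshold and (kind, src) not in alerted:
            alerted.add((kind, src))
            alerts.append((kind, src, len(timestamps)))

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip it rather than crash the detector
        ts, src, method, status = rec
        requests[src].append(ts)
        check("sip_flood", src, requests[src], ts, flood_threshold)
        if method == "REGISTER" and status in AUTH_FAILURES:
            failures[src].append(ts)
            check("register_guessing", src, failures[src], ts, guess_threshold)
    return alerts


def sample_log():
    """Constructed sample: one benign handset, one INVITE flood, one password-guessing run."""
    lines = [
        "1000.0 192.0.2.10 REGISTER sip:pbx.example.net 200",
        "1001.5 192.0.2.10 INVITE sip:2001@pbx.example.net 200",
    ]
    # Flood: 60 INVITEs from a single source inside two seconds.
    lines += [f"{1002 + i * 0.03:.2f} 203.0.113.7 INVITE sip:{1000 + i}@pbx.example.net 100"
              for i in range(60)]
    # Guessing: eight rejected REGISTERs for the same account, one per second.
    lines += [f"{1010 + i:.1f} 198.51.100.9 REGISTER sip:2001@pbx.example.net 401"
              for i in range(8)]
    lines.append("not a sip log line")  # noise the parser must tolerate
    return lines


if __name__ == "__main__":
    for kind, src, count in detect(sample_log()):
        print(f"{kind}: {src} ({count} events in window)")
```

Thresholds and the window are deliberately parameters: a call centre that legitimately bursts INVITEs through one trunk needs a higher flood threshold than a small office, and tuning them against a baseline is what keeps the detector from degrading service the way the article warns against.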

5. How far should you go with your VoIP service? Should you get full-on premises control, or should you run your own PBX and let a vendor handle wire-to-the-building? 

The answer is: “It depends on your business needs.” Brandt says that for his business, which runs contact centers for large companies, voice is an absolutely critical application that needs to be up and running with no latency at all times. Thus, it makes more sense for his IT department to have full-on premises control of the entire voice platform to ensure rapid problem-solving and that the network is tailored specifically to the company’s needs. For companies in which voice services are less critical — that is, companies where employees rely more heavily on tools such as cell phones, e-mail and instant messaging — Brandt says it makes much more sense to outsource managing the voice platform to a vendor or carrier. 

“A lot of larger organizations prefer on-premises solutions, because you can’t get hosted services for as large a scale as they need,” Lazar says. “Where we see a lot more hosted services is in small businesses that have less than a thousand seats and that aren’t geographically dispersed.” 

Howard  shares  Lazar’s  assessment  that 
large  businesses  mostly  want  to  run  their  own 
voice  platforms  themselves,  although  he 
thinks  a  lot  of  it  has  to  do  with  the  level  of 
expertise  the  business  has  in  its  IT  depart¬ 
ment.  For  instance,  Howard  says  a  credit  card 
validation  company  recently  contacted 
Siemens  about  VoIP  solutions  and  wanted  an 
outside  company  to  manage  all  of  its  com¬ 
munications  because  it  simply  did  not  want 
to  deal  with  any  of  it  internally 

As  for  smaller  businesses,  Tolbert  says  they 
generally  need  the  help  of  a  hosted  service 
provider,  because  most  small  businesses  “don’t 
want  to  be  wasting  their  time  tweaking  and 
babying”  their  VoIP  system  constantly  However, 
he  also  notes  that  for  small  businesses  requir¬ 
ing  50  handsets  or  less,  it’s  relatively  simple  to 
manage  their  own  services  by  training  one  or 
two  employees  to  do  all  the  routing,  phone¬ 
answering  and  the  adding  of  new  users. 

“Since  we  have  a  fairly  small  organization 
and  I’m  a  volunteer  IT  coordinator,  I  want 
the  technology  to  be  as  idiot-proof  as  possi¬ 
ble  and  to  make  people  self-sufficient  in 
running  the  system,”  he  says.  “If  you’re  an 
organization  with  75  phones  or  less  and  you 
have  to  constantly  call  tech  support,  then 
you  have  the  wrong  telephone  system  and 
you’re  wasting  money.” ■ 


CORRECTION 

■The  story  “Mobile  Web  browsing  ready 
for  prime  time,"  (July  21,  page  1)  should 
have  noted  that  OlegTukh  was  product 
manager  for  Opera  Mini,  Opera 
Software. 
Storage companies to watch

Innovative start-ups target flash drives, cloud storage, disaster recovery


BY JON BRODKIN

From de-duplication and disaster recovery to flash drives and cloud storage, there’s a ton of innovation in the storage market. After looking at companies in stealth mode and those that released their first products within the past year, we identified 10 storage start-ups worth watching. Here’s a look at each vendor:

Atrato

Founded: April 2004

Location: Westminster, Colo.

What does the company offer? A hardware-software mix called the V1000 that helps alleviate the I/O bottleneck between storage and servers to improve access to data. Atrato, which exited stealth mode in February, says its technology delivers as many as 10,000 input/output operations per second (IOPS) while reducing the rack space and cooling requirements of a typical data center.

Why is it worth watching? Offers fast, high-density storage that should prove useful for high-performance computing and digital-entertainment delivery.

How did the company get its start? Co-founders Dan McCormick and Jonathan Hall, both veterans of XIOtech, decided they could improve the performance, cost-effectiveness and security of data delivered at high speeds for customers dealing with streaming content, high-performance computing and enterprise technology.

How did the company get its name? Atrato is named after the Rio Atrato in Colombia, the fastest-flowing river on Earth.

Funding: $18 million from such storage industry veterans as Jesse Aweida, founder and former CEO of StorageTek; and Tom Porter, a former IBM storage executive who was also CTO of Seagate.

Who’s using the product? Dozens of customers, including MusicGiants and SRC Computers.

4Blox

Founded: April 2005

Location: San Jose, Calif.

What does the company offer? 4Mezzo, software that improves performance of iSCSI-based storage-area networks by optimizing communication between iSCSI and TCP protocols. 4Blox’s tagline asks IT shops “are your iSCSI solutions ready for 10GbE?”

Why is it worth watching? 4Mezzo’s technology reduces the CPU processing power demanded by the iSCSI protocol, which is becoming much more popular. “4Blox has developed a unique, software-based approach to performance that sets it apart from current hardware-based iSCSI offload and acceleration products,” said Scott Caruso of Flywheel Ventures, after investing in 4Blox.

How did the company get its start? Founders Sai Narasimhamurthy and Joseph Hui developed the technology at Arizona State University, where Narasimhamurthy was a doctoral student and Hui was his professor. ASU still owns the company’s intellectual property.

How did the company get its name? The founders saw the number 4 everywhere: Their technology has four core components, the first component has four building blocks and iSCSI is a Layer 4 transport protocol. iSCSI itself enables block-level storage, explaining the “blox” portion of the name.

CEO and background: Dan Munro began his career as a software engineer, but more recently became a consultant working with early-stage software companies.

Funding: An undisclosed amount from angel investors and the venture-capital firm Flywheel Ventures.

Who’s using the product? 4Blox technology is still in beta with OEM customers, including several “large, marquee storage vendors.”


Fusion-io’s flash-storage ioDrive is inserted directly into servers.


Fusion-io

Founded: June 2006

Location: Salt Lake City

What does the company offer? ioDrive, a PCIe flash storage card that’s inserted directly into servers. Fusion-io launched the product at Network World’s DEMO event last fall.

Why is it worth watching? Rivals including EMC say attaching storage directly to servers can limit flexibility, but Fusion-io promises a great price-performance ratio, with the PCIe card delivering 100,000 IOPS. The 160GB card and 320GB card go for $4,800 and $8,900, respectively. Analyst Deni Connor calls it “a good approach for giving new life to servers ... running transaction-intensive operations.”

How did the company get its start? CTO David Flynn and marketing vice president Rick White were discussing embedded devices, and decided that there was a market for embedded storage that takes advantage of the speed of flash memory.

How did the company get its name? The name contains “fusion” because ioDrive fuses CPU and RAM into a single, silicon-based device; and “io” because of its speed.

CEO and background: Donald Basile has worked in the data networking, cable, telecommunications, computing and semiconductor industries.

Funding: $19 million in a round led by New Enterprise Associates.

Who’s using the product? 44% of Fortune 100 companies use the ioDrive, the vendor says.

Nirvanix

Founded: July 2007

Location: San Diego

What does the company offer? The Storage Delivery Network, a cloud-storage platform providing highly scalable storage capacity over the Web, optimized for digital media and large files. The service became available last October.

Why is it worth watching? Along with Amazon.com’s Simple Storage Service, Nirvanix is one of the first players in the emerging cloud-storage market. While Amazon’s maximum allowed file size is 5GB, Nirvanix lets customers store files as large as 256GB.

How did the company get its start? Founders Patrick Harr and Geoff Tudor wanted to develop an alternative to content delivery networks.

How did the company get its name? Combining Nirvana and “media exchange.”

CEO and background: Harr has a background in marketing and previously worked at Enterprise Partners Venture Capital.

Funding: $18 million from Intel Capital, Valhalla Partners, Mission Ventures, Windward Ventures and European Founders Fund.

Who’s using the product? Content-publishing sites, businesses looking for data backup and operators of Web 2.0 applications. FreeDrive uses Nirvanix to provide an online storage service that is integrated with Facebook and makes it easy to share files.

Ocarina Networks

Founded: February 2007

Location: San Jose, Calif.

What does the company offer? Launched in April 2008, Ocarina’s first product, the ECOsystem, is an appliance that uses de-duplication to shrink the amount of disk space needed for storage. The system is driven by new algorithms that are “content-aware,” meaning it knows what type of file it’s working with, and how best to reorganize data to save space.

Why is it worth watching? De-duplication is common for backup data but not for primary storage, says analyst Arun Taneja. Ocarina says it can reduce storage needs by a factor of 10. That’s a ratio “any IT shop will kill for” on primary storage, “because it’s the most expensive storage,” he says.

How did the company get its start? CEO Murli Thirumale and his co-founders polled senior IT executives about their top concerns, and all of them were worried about rapidly growing storage needs.

How did the company get its name? “It just sounded good,” Ocarina officials say in an e-mail. “And ... there are hardly any good start-up names left.” An ocarina is an egg-shaped wind instrument.

CEO and background: Thirumale was CEO and co-founder of Net6, a maker of SSL-VPN and VoIP technology acquired by Citrix.

Funding: $11 million from Kleiner Perkins and Highland Capital.

Who’s using the product? The first customers are online photo-sharing sites. Unnamed customers include social-networking Web sites, e-mail providers and large movie studios.

Parascale

Founded: July 2004

Location: Cupertino, Calif.

What does the company offer? Parascale says it is developing cloud storage software that “aggregates disk storage on multiple standard Linux servers to present one highly scalable self-managing storage cloud, with massive capacity and parallel throughput.” A release date hasn’t been announced yet, but the product will be generally available within months as a software download, the company says.

Why is it worth watching? Parascale’s low-cost approach to building cloud storage has some fans at Google. The Parascale advisory board includes Sepandar David Kamvar, the technical lead of personalized search at Google; and Chuck McManis, a Google senior storage technologist.

How did the company get its start? Cameron Bahar, the founder and CTO, developed the Parascale approach to scaling out storage with commodity hardware after spending years building clustered systems at such vendors as HR TeraData and Locus. Bahar also led the design of a one-thousand-server distributed Internet storage service offered by the now-defunct Scale8.

How did the company get its name? From “parallel” and “scalability.”

CEO and background: Sajai Krishnan was previously general manager of NetApp’s StoreVault division.

Funding: $11.37 million from Charles River Ventures and Menlo Ventures.

Who’s using the product? Early adopter Blue Coat Systems is using Parascale software for online disk-to-disk backup.

Pliant

Founded: April 2006

Location: Milpitas, Calif.

What does the company offer? Pliant will launch its first product, a solid-state flash drive, in the fourth quarter.

Why is it worth watching? Pliant is joining the emerging enterprise flash storage market, which Sun has called “the most exciting thing that’s happened in storage in 20 years.” Flash storage costs a lot but delivers data at much faster speeds than rotating disk drives, and is expected to gain major enterprise adoption over the next few years.

How did the company get its start? Founded by Mike Chenery, Doug Prins and Aaron Olbrich, all veterans of Fujitsu.

How did the company get its name? “Pliant” is meant to convey “a solution that is flexible and scalable to changing application environments,” the company says.

CEO and background: Amyl Ahola, the former CEO of TeraStor and vice president at Seagate and Control Data.

Funding: $8 million in a funding round led by Lightspeed Venture Partners.

Who’s using the product? Target customers are OEMs and data centers operating mission-critical, I/O-intensive applications. ■
VMware’s hypervisor is free ... with strings


BY JON BRODKIN

VMware made a long-anticipated move July 22 when it announced that its ESXi hypervisor would be free. That doesn’t mean customers can avoid pricey fees for support and management tools, though. In this FAQ we answer key questions about VMware’s newly free hypervisor.

What spurred VMware to give its hypervisor away?

Microsoft in June began shipping its virtualization software, Hyper-V, for free (if you’ve already paid for a Windows Server 2008 license).

The EMC-owned VMware made its move two weeks after replacing founder and CEO Diane Greene with Paul Maritz, a former Microsoft executive. Greene had long denied that VMware would be forced to lower its prices.

“If the hypervisor is already commoditized and most of your competitors have a free version, then Paul Maritz did the right thing,” says Laura DiDio, a Yankee Group analyst. “You saw how fast he moved.” VMware denies that the competition had anything to do with the decision.

“We’re focusing our efforts on the 20-plus products we sell on top of the hypervisor. This is a continuation for us of a long-term strategy,” says John Gilmartin, VMware product marketing manager.

Gilmartin points to February 2006, when VMware made a similar move, offering its first free hypervisor.

VMware already offers a free hypervisor?

Yes, the VMware Server, which is basically a beginner’s kit for VMware’s virtualization technology, has been available at no charge for more than two years.

So what’s new?

VMware is now giving away ESXi, the “bare-metal” hypervisor that installs directly onto the server hardware. The VMware Server, on the other hand, is installed as an application on top of the operating system. ESXi previously cost $495.

Is the VMware Server now obsolete?

Not quite, but there are fewer reasons to use it. Some hardware devices might work with VMware Server but not ESXi, Gilmartin says. New servers have support for virtualization built into the chip, but older platforms may not work with ESXi. VMware Server, because it’s not running directly on the server hardware, will be compatible with a greater range of systems. So calling VMware Server obsolete may be too strong, but “in terms of the pure hypervisor, clearly ESXi is more appealing,” says Forrester Research analyst Frank Gillett.

Who should use the free version of ESXi?

The free ESXi is good in limited-use cases, such as consolidating two physical servers into one, Gillett says. You might also use the free hypervisor on an aging server that you plan to upgrade, just to make it easier to move the workload from one box to another when you do replace that server.

But if you have dozens or hundreds of virtual servers, and want the flexibility to quickly move workloads in response to changing needs, the free ESXi just isn’t going to cut it. ESXi is perfect for a single server, Gilmartin says, but not when you are using multiple virtualized servers that need to be managed simultaneously with features such as live migration of workloads, patch management, centralized backup and guarantees of high availability. The management tools cost money — even Microsoft charges extra for hypervisor management tools. But those tools are what make virtualization worthwhile in a complicated IT environment.

Did VMware change the price of any other products?

No. The hypervisor license is free, but only if you don’t get any extra management tools. The VMware Infrastructure Foundation, designed for small businesses and branch offices, has a list price of $995. For $2,995, you can get VMware Infrastructure Standard, a “high-availability infrastructure virtualization suite for any workload.” And for $5,750, customers can choose the top-of-the-line VMware Infrastructure Enterprise. All three versions contain the basic hypervisor and management tools that aren’t available with the free edition. Only VMware Infrastructure Enterprise has VMotion, which moves virtual machines from one server to another with zero downtime, a key feature that differentiates VMware’s technology from Microsoft’s.

While list prices haven’t changed, the actual prices enterprises pay vary depending on the size of deployment and negotiations between the customer and VMware. The fact that ESXi is now free could make it easier for customers to argue that the premium products — which contain the hypervisor, after all — should cost less.

If an enterprise can’t get a more favorable licensing deal even now that VMware has made the hypervisor free, “I would postulate that they don’t have good negotiators in their organization,” DiDio says.

Forrester analyst James Staten doesn’t see much of a benefit to enterprises, though. He notes that “support is not included with the free ESXi; if you want that, it starts at $495 per server per year. This doesn’t really address the typical enterprise’s cost of VMware deployment — just the marketing threat of the low Hyper-V starting price.”

Now that VMware and Microsoft both offer the hypervisor free, is there any reason to use Microsoft virtualization?

Sure. If you’re a big Microsoft shop, enjoy getting support from a single source and don’t need VMware’s extra features, Hyper-V can be a good fit. “If Virtual Machine Manager [Microsoft’s management suite] and Hyper-V together meet your needs, and the price is lower, why not?” Gillett says.

“It’s a matter of personal preference,” DiDio says. “If you have a lot of VMware installed and you love VMware, wow, the choice just got easier. On the other hand, yeah, there are reasons to go with Hyper-V. A lot of it comes down to licensing.”

The question of whether it’s less expensive to go with VMware or Microsoft isn’t always cut-and-dry. The Microsoft Virtual Machine Manager list price is $499 for five physical servers, which seems to give Microsoft the edge. But VMware says it can deliver more virtual servers without a performance hit than Hyper-V, resulting in a lower “cost per virtual machine.” Each enterprise will have to perform its own cost-benefit analysis.

“It comes back to your needs,” Gillett notes.

Will this move help VMware?

Time will tell, but analysts think it’s the right decision. Gartner analyst Thomas Bittman had urged VMware to give the hypervisor away for free and focus on making money off management tools.

VMware’s stock prices have dropped significantly this year. The CEO change and move on pricing could be seen as initial steps toward regaining the trust of investors.

“It looks like in the short term Paul Maritz is willing to sacrifice revenue ... in order to go up the stack, because where they’re really going to make their money is the [VMware Infrastructure] platform,” DiDio says. “He’s taking a very long-term strategic view of things, which is the right thing to do, and not just looking for short-term profits.” ■
NEWS ANALYSIS


Telecommuting poses security risk

Survey of 73 organizations shows weak privacy protection


Telecommuting, risky business?

Telecommuters can pose security and privacy risks if a number of challenges are not addressed. A study last week found:

• Only half of the respondents have formal security policies or employee training for telecommuting.

• Nearly 75% of organizations let telecommuters generate paper records containing personal information, but only 25% have telecommuters store these records in secured cabinets or other storage systems.

• One-third of organizations provide telecommuters with shredders for disposal, and about the same percentage ask that papers be shredded but don’t supply shredders, and 17% have no disposal requirement for paper records.

Source: Ernst & Young and Center for Democracy and Technology


BY ELLEN MESSMER

Allowing employees to work from home and telecommute poses security and privacy risks that are not being addressed adequately by business or government, according to a study released by consulting firm Ernst & Young in partnership with the advocacy group Center for Democracy and Technology.

The report, “Risk at Home: Privacy and Security Risks in Telecommuting,” surveyed 73 corporate and government organizations to find out whether they had formal telecommuting security policies implemented, and whether employees working from home were trained in protecting data. The report concludes this was often not the case, putting business and government data at far higher risk than if appropriate security best practices were used in the home telecommuting environment.

“We identified some disconnects about recognizing risk areas and addressing it,” said Sagi Leizerov, senior manager with Ernst & Young’s advisory services group, about the findings in the report.

Ari Schwartz, vice president and COO at CDT, said the privacy-advocacy group assisted with the study to put the focus on determining best practices in telecommuting.

Schwartz says this question is of increasing importance as the practice of telecommuting grows. He pointed out that security breaches have occurred in the context of telecommuting in the past two years, including well-publicized ones at the Department of Veterans Affairs and the National Institutes of Health, as well as at Blue Cross Blue Shield and the state of Ohio.

Neither Ernst & Young nor CDT is opposed to telecommuting, but Schwartz and Leizerov say the report’s findings indicate the organizations surveyed often failed to adequately recognize the risks in telecommuting that differ from office-based work.

Only half of the organizations participating in the survey have even developed guidelines for telecommuting or provide guidance to their employees.

The survey looked at whether PCs, portable devices and wireless networks were being used in telecommuting and which security controls were in place for them.

The study also asked how the protection of paper records containing the business information used by telecommuters was being addressed and whether there were security controls, such as file and e-mail encryption.

“About 50% of respondents indicated that telecommuting employees, both full-time and occasional, sometimes use their personally owned computers and PDAs at home for work purposes,” the report states, adding that the trend is toward easing restrictions about it.

The security that corporations require for business-issued devices and laptops, however, is seldom applied to employees’ personally owned computers.

Security controls regarding the paper documents containing business data that are generated by telecommuting employees also are somewhat weak, the study indicated.

“One-third of the organizations surveyed said they provide telecommuters with shredders for disposal,” the report notes. “Roughly the same percentage said they have telecommuters shred paper records, but the employees must arrange their own shredders. And 17% of the organizations indicated they have no disposal requirement for paper records,” the report continues.

Leizerov calls this unacceptable for a telecommuting environment and says, “Organizations shouldn’t expect employees to purchase their own controls.”

The survey, which encompassed organizations in the United States, Canada and Europe, sought to differentiate between employees who work full-time from home and those who occasionally telecommute.

Ten industries were identified, with financial services and healthcare representing 40% of the respondents. The remainder included business and professional services, manufacturing, retail, telecommunications, hospitality and a “miscellaneous” category.

Among some organizations that responded to the survey, “nearly all employees are occasional telecommuters [and] many respondents found it difficult to estimate the number of their full-time and occasional telecommuters — an interesting finding on its own,” according to the report.

The number of full-time telecommuters, however, is significantly smaller than the number of occasional telecommuters, the study concludes.

“While occasional telecommuters exist at each of the responding organizations, 46 of the 73 respondents employ full-time telecommuters,” the report states.

The report states that 85% of organizations indicated they implement at least one of five methods for protecting hardware assets: failed-logon lockout settings on computers; privacy screens; security cables for locking down computers; periodic audits of telecommuters’ physical working environments; and a “clean-desk policy for telecommuters.”

About 20% of the organizations conduct periodic inspections of telecommuter remote-work environments, with the frequency higher among organizations with greater numbers of telecommuters.

The study notes that stronger security controls, such as biometric authentication and thin-client terminals, have yet to take hold in the telecommuting environment.

“On a more positive note, the use of encryption, while not yet prevalent, is common on hard drives, in securing network connections and even in protecting e-mail messages,” the report states.

When it comes to portable devices, wireless networks and Internet downloads, however, the survey found security practices were “often lacking and could lead to the compromise of the personal information that employees handle at home,” the report states.

More than 70% of the organizations surveyed say they do some monitoring of telecommuters, most commonly by network monitoring or telecommuter e-mail and Internet use, the report states. ■
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TECH  UPDATE 

B  An  inside  look  at  technologies  and  standards 


Security  audits:  Don't  ignore  thick  clients 

They  are  often  less  secure  than  browser-based  applications 


When  it  comes  to  running  application  security  audits, many  organizations  make  the 
mistake  of  assuming  that  only  Internet-facing,  browser-based  Web  applications 
deserve  scrutinyAfter  all, thick-client  applications  tend  to  face  inside  and  tend  to  be 
compiled  binaries, so  they  present  less  risk  of  malicious  tampering. 


BY  KEITH  ROYSTER  AND  JASON  REED 


That  assumption  is  dangerous. 

Thick-client  applications  face  far  fewer 
attack  attempts  than  applications  facing  the 
Internet,  but  they  also  tend  to  handle  the 
most  critical  transactions  and  employees 
often  know  how  they  work  from  a  business 
and  a  technical  perspective,  making  them 
prime  targets  for  insider  attacks. 

In  fact, compiled  executable  clients  often  are 
inherently  less  secure  than  browser-based 
Web  applications,  and  the  tools  for  tampering 
with  them  are  freely  available  and  easier  to 
use  than  you  might  expect. 

One  axiom  of  application  security  is  “never 
rely  on  client-side  validation  for  security” 
because  it  is  easy  to  manipulate  the  client  and 
bypass  security  controls.Yet  the  very  definition 
of  a  thick  client  is  that  it  performs  most,  if  not 
all, of  the  application’s  logic.  In  many  cases  the 
application  has  a  two-tier  architecture,  mean¬ 
ing  the  client  talks  directly  to  a  back-end  data¬ 
base  with  no  intermediary  server  to  enforce 
security  As  a  result,  virtually  all  of  the  applica¬ 
tion’s  logic,  including  security  is  in  the  client 
and  thus  in  the  hands  of  the  potential  attacker. 

Thick-client  applications  are  prone  to  many 
of  the  same  types  of  vulnerabilities  as  thin- 
client  and  Web  applications.  Yet  the  fact  that 
much  of  the  responsibility  for  enforcing  secu¬ 
rity  is  placed  with  the  client  translates  into 
more  critical  vulnerabilities,  including: 

Password  harvesting.  When  a  user  logs  on  to 
the  application,  it  is  not  uncommon  for  the 
thick  client  to  query  the  database  for  the  pass¬ 
word  of  the  supplied  user  name,  then  do  a 
client-side  check  for  a  match  against  the  pass¬ 
word  supplied  by  the  user.  As  a  result,  the  user 
can  supply  the  user  name  of  another  account 
holder,  then  obtain  the  password  for  that  user 
from  the  database’s  response. 
Privilege escalation. After a user authenticates, the thick client needs to know which functional features that user is privileged to access. This is often accomplished by querying the database and enabling or disabling various menu items depending on the permission bits returned by the database. If the user can manipulate these response bits before they reach the client, he can usually enable extra permissions, perhaps even full administrative permissions to the application.

Hard-coded application credentials. In an attempt to prevent users from accessing the database directly, developers sometimes "hide" the application's database credentials inside the compiled thick client. If the user can extract these credentials, he often can access the database directly with the application's full privileges. In this way, the security controls built into the client can be bypassed entirely.
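As an added illustration of the hard-coded credentials problem (example code written for this page, not the article's or SystemExperts' own), the script below does the first thing an attacker with a copy of the client binary does: it scans the file for embedded database connection strings and pulls out the password fields. It looks at the bytes both as plain ASCII and as UTF-16LE, because .NET and many other Windows executables store string literals as UTF-16, where a naive strings-style search sees only disconnected characters. The sample "binary", the host names, the account names and the passwords are all constructed for the example; the key names are the common ODBC and OLE DB ones.

```python
import re

# Constructed stand-in for a compiled thick client (not a real executable):
# a few header bytes, an OLE DB style connection string stored as ASCII, and
# a second one stored as UTF-16LE.  Every host, account and password here is
# made up for this example.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 40
    + b"Data Source=db01.corp.example;Initial Catalog=Orders;User ID=app_svc;Password=Pa55w.rd;"
    + b"\x00" * 16
    + "Server=db02.corp.example;Database=Ledger;Uid=ledger_app;Pwd=S3cretPw;".encode("utf-16-le")
    + b"\xcc" * 24
)

# Keys that mark a connection string; a run of two or more "key=value;" pairs
# built from them is treated as one.  Values stop at ';' or a NUL byte, so the
# ASCII pass cannot accidentally match inside UTF-16 text.
_KEYS = (rb"(?:Data Source|Server|Initial Catalog|Database|User ID|Uid|"
         rb"Password|Pwd|Integrated Security)")
CONN_STRING_RE = re.compile(rb"(?:" + _KEYS + rb"=[^;\x00]{1,128};){2,}",
                            re.IGNORECASE)
SECRET_KEYS = ("password", "pwd")


def _views(blob):
    """Yield (encoding, byte offset, bytes per char, ASCII view) for the raw
    bytes and for every run of 8+ printable UTF-16LE characters.  The run
    search assumes the text starts on a character boundary."""
    yield "ascii", 0, 1, blob
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){8,}", blob):
        yield "utf-16-le", m.start(), 2, m.group(0).decode("utf-16-le").encode("ascii")


def parse_connection_string(text):
    """Split 'k=v;k=v;' into a dict with lower-cased keys; only the first '='
    separates key from value, so passwords containing '=' survive."""
    fields = {}
    for item in text.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def find_hardcoded_credentials(blob):
    """Return one finding per embedded connection string: where it sits in
    the file, how it is encoded, which server/account it points at and which
    secret fields it exposes."""
    findings = []
    for encoding, base, width, view in _views(blob):
        for m in CONN_STRING_RE.finditer(view):
            fields = parse_connection_string(m.group(0).decode("ascii"))
            findings.append({
                "offset": base + width * m.start(),
                "encoding": encoding,
                "server": fields.get("data source") or fields.get("server"),
                "database": fields.get("initial catalog") or fields.get("database"),
                "user": fields.get("user id") or fields.get("uid"),
                "secrets": {k: v for k, v in fields.items() if k in SECRET_KEYS},
            })
    return findings


if __name__ == "__main__":
    # Print each finding with the secret masked; the dicts hold the full value.
    for f in find_hardcoded_credentials(SAMPLE_BINARY):
        shown = {k: v[:2] + "***" for k, v in f["secrets"].items()}
        print(f"0x{f['offset']:06x} {f['encoding']:9} "
              f"{f['user']}@{f['server']}/{f['database']} {shown}")
```

The returned dicts carry the file offset of each string, which is what you need to go back and confirm the finding in a disassembler or to check that a fix actually removed it. The scan is only a string search: a client that obfuscates or encrypts the connection string needs a debugger or a capture of the database traffic instead.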

Tools  and  techniques 

One of the most popular ways to compromise a thick client, short of decompiling the binary, is to study the traffic to and from the application. Most thick clients use some form of connection to a database or Web service to get data. The quickest way to see what the application is doing is to sniff the traffic on the wire using a program such as Wireshark.

This will reveal the type of connection that is being used and, if the protocol is not encrypted, probably the database name and credentials. With this information, the hacker can try logging on to the database directly without using the client; this method may reveal more functions and access than what the client shows. Sometimes, however, the database password is not revealed because a challenge-response mechanism is used to protect the credentials.

If database credentials aren't observed, hackers typically try to insert themselves into the conversation to see whether they can modify any of the data while in transit. The quickest way to get at protected data and functions is to use the functions built into the client, instead of trying to reverse-engineer the client's database queries.

That can be done by escalating user privileges in the application. Thick clients typically support functions for a variety of user levels. Some of these functions, however, are not enabled for lower-privileged roles. To determine the user's rights, the application will query the database, then parse the response to determine which functions to allow. If hackers can insert themselves into the conversation and alter the database's response, they will likely end up with the full set of features enabled on the client.

Modifying the data can be done many ways, but one method that works well is to use a stream editor such as netsed. Netsed matches a regular expression in the data stream and replaces the matched value with one the hacker supplies. Hackers will be looking for obvious data points that can be identified in the stream: user names, account balances, phone numbers, Social Security numbers and the like are common targets. They will configure netsed to look for these items and replace them with other values, then check the results to see whether they were successful. Knowing what success looks like makes the rest of the assessment easier.
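The following is an added example, written for this page rather than taken from the article or its authors, of the response-tampering attack described under "Privilege escalation" above and in the netsed discussion just given. It implements a small netsed-style stream editor in Python and runs a constructed database reply through it on its way to a hypothetical two-tier client; the client's own parser then lights up every menu item. The record format, field names, permission-bit meanings and the segment split are all assumptions. It also shows a detail that bites in practice: the field being rewritten can straddle two TCP segments, so a per-segment substitution misses it; the editor therefore holds back a tail of bytes until the longest possible match could be seen.

```python
import re

# Constructed sample (not captured from any real application): a two-tier
# thick client has asked the database for its own permission record, and the
# reply arrives split across two TCP segments.  The record format, the field
# names and the bit meanings are assumptions made for this example.
DB_REPLY_SEGMENTS = [
    b"ROW user=jdoe role=user perm_bi",   # first segment ends mid-field
    b"ts=0x0001 END\r\n",                 # second segment completes it
]

# Menu features the hypothetical client gates on individual permission bits.
MENU_BITS = {0x1: "View", 0x2: "Edit", 0x4: "Approve", 0x8: "Administer"}

# The netsed-style rules an attacker would load: promote the role and set
# every permission bit before the reply reaches the client.
ESCALATION_RULES = [
    (rb"role=user\b", b"role=admin"),
    (rb"perm_bits=0x[0-9a-fA-F]{4}", b"perm_bits=0x000f"),
]


class StreamEditor:
    """Regex search-and-replace over a byte stream delivered in arbitrary
    segments.  The last max_match_len-1 bytes are held back until more data
    arrives (or flush() is called), so a match that straddles a segment
    boundary is still rewritten.  max_match_len must bound the longest match
    any rule can produce; an unbounded pattern breaks that guarantee."""

    def __init__(self, rules, max_match_len=64):
        self.rules = [(re.compile(pattern), repl) for pattern, repl in rules]
        self.hold = max_match_len - 1
        self.buf = b""

    def _earliest(self, pos):
        """Leftmost match of any rule at or after pos, with its replacement."""
        best = None
        for regex, repl in self.rules:
            m = regex.search(self.buf, pos)
            if m and (best is None or m.start() < best[0].start()):
                best = (m, repl)
        return best

    def _rewrite(self, limit):
        """Emit the buffer up to limit with rules applied; a match that starts
        before limit is rewritten in full even if it extends past limit."""
        out = bytearray()
        pos = 0
        while pos < limit:
            found = self._earliest(pos)
            if found is None or found[0].start() >= limit:
                out += self.buf[pos:limit]
                pos = limit
                break
            m, repl = found
            out += self.buf[pos:m.start()] + m.expand(repl)
            pos = m.end()
        self.buf = self.buf[pos:]
        return bytes(out)

    def feed(self, segment):
        """Accept one segment; return the bytes that are safe to forward now."""
        self.buf += segment
        limit = len(self.buf) - self.hold
        return self._rewrite(limit) if limit > 0 else b""

    def flush(self):
        """Stream closed: rewrite and return whatever is still held back."""
        return self._rewrite(len(self.buf))


def rewrite_stream(segments, rules, max_match_len=64):
    """What the in-line proxy forwards to the client for a whole reply."""
    editor = StreamEditor(rules, max_match_len)
    out = b"".join(editor.feed(seg) for seg in segments)
    return out + editor.flush()


def naive_rewrite(segments, rules):
    """Per-segment substitution, for comparison: a match split across a
    boundary is never seen, so only part of the escalation lands."""
    out = []
    for seg in segments:
        for pattern, repl in rules:
            seg = re.sub(pattern, repl, seg)
        out.append(seg)
    return b"".join(out)


# The thick client's side: parse the record and decide which menus to enable.
ROW_RE = re.compile(rb"ROW user=(\S+) role=(\S+) perm_bits=0x([0-9a-fA-F]{4}) END\r\n")


def parse_permission_row(reply):
    m = ROW_RE.match(reply)
    if not m:
        raise ValueError("malformed permission row")
    return {"user": m.group(1).decode(), "role": m.group(2).decode(),
            "bits": int(m.group(3), 16)}


def enabled_menu_items(reply):
    perms = parse_permission_row(reply)
    return [name for bit, name in sorted(MENU_BITS.items()) if perms["bits"] & bit]


if __name__ == "__main__":
    print("untouched:  ", enabled_menu_items(b"".join(DB_REPLY_SEGMENTS)))
    print("per-segment:", enabled_menu_items(naive_rewrite(DB_REPLY_SEGMENTS, ESCALATION_RULES)))
    print("buffered:   ", enabled_menu_items(rewrite_stream(DB_REPLY_SEGMENTS, ESCALATION_RULES)))
```

Running it prints the menu the client enables for the untouched reply (View), for the per-segment rewrite (still only View, because the permission field was split across the boundary even though the role was changed) and for the buffered rewrite (View, Edit, Approve, Administer). The same editor would sit in the plain-text "window" between two stunnel instances, described later in this section, when the connection is encrypted.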

To combat this type of attack, many application developers turn to encrypted channels between the application and an intermediary application server for database access. Encryption on the wire makes it virtually impossible for the hacker to determine which bits to change.

SSL- and Transport Layer Security-encrypted connections are the easiest ways to provide this service, but they can be bypassed with such programs as stunnel. In client mode, stunnel will listen for plain-text traffic, then forward it as SSL-encrypted traffic to a new destination. In server mode, stunnel will listen for SSL traffic, then decrypt it before forwarding the plain text. This bypass works only when the thick client does not verify the server's certificate, or when the hacker can obtain a certificate the client trusts; a client that properly validates or pins the server certificate will refuse the stunnel endpoint.

Using two instances of stunnel, one in each mode, allows hackers to insert a "window" of unencrypted plain-text traffic between the client and server, where they can sniff traffic with Wireshark or alter it with netsed.

Of course, these are only brief examples of what to look for. Thick clients are used less frequently in the ever-increasing Web application world, and many companies are paying less attention to legacy applications. That adds up to opportunity for attackers. Protecting these applications by evaluating their weaknesses allows your company to better understand its true risk profile.

Royster (keith.royster@systemexperts.com) is a senior consultant and Reed (jason.reed@systemexperts.com) is a principal consultant at SystemExperts Corp.
YOUR TAKE: WIRELESS


Long  &  Foster  Rush  University  Medical  Center 


Seizing  the  opportunity 


In the highly competitive real estate business, a quick response can mean everything. Long & Foster's mobile network helps make sure its agents exceed expectations.

BY  PAUL  DESMOND 

With about 15,000 independent associates and 2,000 of its own employees, Long & Foster is one of the nation's largest privately held residential real-estate companies, its footprint ranging from southern New Jersey into North Carolina. Ever since Mike Koval took the reins as vice president and CIO some eight years ago, he's been pushing the idea of mobility to make the company more responsive to customer needs. In a business where workers often use their car as an office, that means a heavy reliance on mobile devices, which the company is using to impressive effect.

When  did  you  start  deploying  wireless 
devices  for  data? 

When  I  joined  the  organization  in  2000,  one 
of  the  things  I  saw  that  was  going  to  be  critical 
to  the  success  of  this  business,  or  pretty  much 
any  business  for  that  matter,  was  the  ability  to 
be  mobile.  So,  one  of  the  first  projects  we  did, 
in  the  fall  of  2000,  was  to  implement  802.11b 
in  every  one  of  our  offices,  as  well  as  at  our 
corporate  headquarters  and  regional  sites. 

Wireless veteran Karl Oder had to overcome his share of wireless challenges, but the technology is now reaping big benefits for Rush University Medical Center. Page 28.


Since then, we've upgraded to 802.11g and we're in the process of upgrading to 802.11n in certain areas.

As far as the mobility devices, I brought a BlackBerry into the company in the spring of 2000 and a BlackBerry Enterprise environment in the fall of 2000. We now have thousands of BlackBerries in the organization and also thousands of Treos, and probably hundreds of Windows Mobile devices. And now the hottest thing is, of course, the iPhone. We have a large and rapidly growing population adopting the iPhone. That includes the [AT&T] EDGE [Enhanced Data rates for GSM Evolution] network version, Version 1, as well as within the last week I probably had 20 to 25 e-mails about agents and employees who have upgraded to the Version 2, the 3G version. Everybody who's gotten one has just fallen in love with the device. We support the 802.11g environment on that, and agents are very pleased.

Who  owns  those  mobile  devices? 

If  you’re  an  employee,  they’re  owned  by  the 
corporation.  So,  Long  &  Foster  owns  300,  maybe 
400  BlackBerries.  Predominantly  the  devices 
are  owned  by  the  agents,  although  they  are 
connected  to  our  enterprise  environment.  We 
have  Microsoft  Exchange  running  ActiveSync 
for  the  devices  that  support  that,  as  well  as  a 
BlackBerry  Enterprise  Server  environment  that 
supports  BlackBerry  users. 

What  kind  of  challenges  does  that  present 
having  to  support  a  range  of  devices  you 
don't  own? 


The most common thing I come across is an agent who is tied like an umbilical cord to the device and then the device breaks, or is lost or stolen. I think we're pretty good at getting a replacement out within 24 hours. Then it's just a matter of getting it provisioned, getting all the data transferred over and getting them back to work. We can do all that wirelessly.

I always have concerns about security. But in a contract environment it's very difficult or next to impossible to bring in a lot of policies because we're dealing with independent contractors. We do have remote-kill on every single device that we support. So, if a device is lost or stolen, we provision a new one wirelessly; and if we have to kill the old one, we can send out a poison pill and the device is dead. So, we're maintaining the integrity of the data.

Aside  from  the  poison  pill,  in  what  other 
ways  are  you  dealing  with  security  for 
these  devices? 

It's just education, trying to get the communication out there to users to keep their devices in a safe place if they're going to put all their data on them. Don't think of this as a PDA anymore. This thing has as much horsepower, as much memory as any laptop you owned three years ago, so treat it as such. Put a password on there, try to keep it locked down, don't share it. It's just education and communication.

But  the  poison  pill  does  offer  me  a  lot  of 
peace  of  mind.  Every  day  someone  loses  a 
device.  In  just  a  couple  of  moments,  we  can 
push  a  button  and  that  device  is  rendered 
useless. 
Getting Personal: Mike Koval

Title: Senior vice president & CIO

Company: Long & Foster Real Estate

Responsibilities: All technology in the organization, working with senior executives on business strategy, aligning technology with business needs, and using technology to create new business.

Number of IT staff: 76

Education: Bachelor of Science in Finance, University of Maryland; master's degree in IT from Johns Hopkins University.

Previous jobs: Worked at Bearing Point (previously KPMG Consulting) for seven years as a senior manager focusing on software selection and implementation for midsize to large organizations.

First computer: "For college graduation, my parents bought me a brand-new Macintosh 512K."

Home network: A gigabit LAN, both wired and wireless, runs through the house, supporting five Macs, six or seven PCs and a full-blown Windows Server 2003 "running the show." There's also satellite-based DirecTV HD, Comcast 8M cable modem, VoIP phone service and a VPN connection: "You name it, I got it."

Words to live by: "I've got two personal slogans: 'Nothing is impossible. The impossible only takes a little bit longer.' And 'It wasn't raining when Noah built the ark.'"

I do get the occasional issue of associates wanting to look at documents. Some devices are better than others at looking at documents online. The new iPhone is fantastic at looking at Word documents or PowerPoint slides, PDFs and such. I get those requests occasionally, but for the most part it revolves around basic communications, phone and e-mail.

Are  you  able  to  recover  the  data? 

Yes, unless it's personally stored on their own memory chip, all that data is synchronized, so anything in their mailbox, their calendars, contact lists, we have all that, and we can immediately synchronize it with another device. And we do that wirelessly so that's very convenient to the user. As part of our communication and education, we try to tell users that some of these devices have backup capabilities. I think iPhone has done the absolute best job at that. For all the negativity they get because you have to connect to iTunes, every time you stick your iPhone into its dock and synchronize with iTunes, you are making a copy of your data. If that device were to get lost, you could recover the data just like that.

Don't  the  other  devices  provide  ways  to 
back  up  data? 

Oh, yeah, with every device you can. But it requires education and most people don't have it set up. With the BlackBerry you have to tether the device, run some software, go to a couple of menus and say back up the device — and you have to do it regularly. The average iPhone user does it every time they stick it in their dock.

Let's talk about the business side of mobility. What applications are you using your mobile devices for?

Primarily it's e-mail, contacts and calendaring. Now, with the power of what the BlackBerry and iPhone can do, we have agents who are pushing content — primarily PDFs of contract forms. They're pushing those via e-mail, and now have the ability to download and read them. It's really enabling agents to be more effective.

One of the biggest values of these mobile devices, frankly, is photography. The No. 1 comment that we get on our public Web site always has to do with photography: "great photography," "not enough photography," that kind of thing. And it doesn't have to necessarily be using the mobile device to take a photo, although that is one use of it. But many users are now adopting the tether capability, so they're taking better-resolution photographs using their regular digital camera, uploading those to their laptop, then using their mobile device as a data modem. They're able to get information up to the MLS [Multiple Listing Service] — whether it's photos, contracts, sales offers or price reductions. To me that's one of the best features of a mobile device, to be able to convert it into a relatively high-speed modem at a very low cost. When agents are trying to write contracts, they can immediately access Xcelerate, our Web-based online-contract system. They can submit contracts or payments. The BlackBerry and the Palm have become little buddies to these agents who are doing this stuff remotely. It's a fantastic additional benefit.

We are also developing some applications for the iPhone around search, allowing customers to search for properties and store them on their iPhone so they can look at photos, look at content, and e-mail it to others. We're doing that right now and will hopefully be releasing that in the very near future.

You  also  have  your  CRM  system  tied  to 
these  mobile  devices,  right? 

Yes, we do. Right now we use a PeopleSoft CRM solution. Suppose someone is browsing on the Web and finds a property they're interested in seeing. An event gets created and is sent to our CRM system. It goes through a set of business rules we've created — a series of yes or no decisions to ensure the opportunity is sent to an agent who specializes in the area that the customer wants. It then goes through a picker system that we built, which uses its own rules and decision process to pick the next available agent. As soon as the picker system [selects an agent], the information is delivered to the wireless device in an optimized format. It's quick to read and has information on what the opportunity is, along with a link to click for additional information. We don't give all the information to the agent because there's a clock. They have to respond within a certain period of time, say one hour. If they don't respond within an hour, that opportunity goes back into our picker system and is given to somebody else. The intent is to meet or exceed the customer's expectations and hopefully create some business. We can also manage and benchmark every opportunity that comes in, so we can see whether agents are responding as quickly as they should.

What  was  the  process  before  you  had  this 
system? 

We were basically getting e-mails and had some third parties sending us leads. People were going through the opportunities manually to clean and scrub them and give them to the right agents.

Any  way  to  assess  the  business  benefits 
you’ve  derived  from  that  CRM  application  as 
well  as  the  others  you’ve  implemented  for 
mobile  devices? 

There’s  no  question  we’ve  been  able  to  align 
ourselves  more  with  customer  expectations.  If 
we  didn’t  do  any  of  these  things,  we  would’ve 
absolutely  lost  customers.  What  I  say  is,  if  we’re 
not  doing  this  stuff,  we  don’t  even  get  a  chance 
to  bat.  If  you  don’t  bat,  you  can’t  win  the  game. 

Any  advice  for  others  embarking  on  mobile 
data  initiatives? 

As users come on the system, be able to support them, have the help desk trained and such. You should also go out into your workforce and understand what their needs are. Look at what their functional requirements are and try to find applications that will help them. I think we're going to go through a renaissance in how software and hardware is looked at from mobile devices, now that the enterprise is quickly becoming very fond of the iPhone. That's going to generate just huge demand for new software tools. It's a matter of the IT department talking to the business units, understanding the requirements and being able to support it.


One big, healthy mobile network

It took time to get it just right, but healthcare staff and patients are reaping the benefits of the network installed by wireless veterans at Rush University Medical Center.


BY  PAUL  DESMOND 

Electronic medical-records systems are all the rage in hospitals around the country, promising to improve accuracy and efficiency. EMR screams for a wireless network to support it, however, given that healthcare professionals need access to medical records from pretty much everywhere. Karl Oder, senior director at Rush University Medical Center in Chicago, knows well what it takes to deploy a wireless network that can support not only EMR but RFID and VoIP as well. He and his team, which includes Alden Brugada, manager of telecommunications and networking, tried various iterations of wireless before hitting on their current winning formula.

When  did  you  first  get  into  wireless? 

Karl  Oder:  We  had  wireless  around  1995.  It 
was  a  very  early  system  that  didn’t  work  very 
well,  and  we  eventually  pulled  it  out.  Another 
wireless  deployment  went  in  around  2000  or 
so.  That  was  again  a  proprietary  system.  It 
worked  better.  It  was  upgraded  in  2003  to  a 
nonproprietary  Cisco  system,  and  that  has 
since  been  upgraded  to  what  we  have  now. 

What  does  the  network  look  like  now? 

We have roughly 700 LWAPs [Lightweight Access Points], all Cisco [Aironet], models 1231 to 1242. Most of our controllers are WiSMs [Wireless Services Modules] that sit in the [Cisco Catalyst] 6500 Series chassis. We have six chassis with two WiSMs per chassis, for redundancy. We have a [Cisco] Wireless Control System, which basically monitors the entire environment. The network extends to roughly 10 buildings in a campus environment, plus one hospital in Oak Park, about 15 miles away. It has its own wireless controller and is connected across T-1s to our main campus.

How  has  the  network  evolved  since  2003? 

The big difference between 2003 and what we have now was the move to LWAPs from the individual access points being managed one-by-one. We also needed more capacity and more coverage. The biggest impetus for that was an expanded EMR initiative. Initially we provided only computerized provider-order entry, where the physicians mainly worked on computers in the halls. So, our 2003 deployment only covered the hallways. When you go to a full EMR, with nurses entering vital signs and such, you need to get the computer inside the patient room. We were also looking forward to deploying VoIP throughout, as well as RFID.

What  were  some  of  the  challenges  in  rolling 
out  wireless? 

Alden Brugada: Let's start with the 2003 implementation. We didn't do extensive site surveys for that, more like templates. For a 12,000-square-foot area, we put three access points. The coverage was there, but the signal strength didn't span the floor as we would have liked it to. For example, we piloted VoIP at that time. It was a passive system, meaning the [IP phone] wasn't scanning for active access points. You could attach to an access point, walk over to another access point 50 yards away and not attach to that new access point until you had dropped your first signal. So, we saw a lot of degradation and choppiness.

Looking at the newer wireless implementation, with respect to RFID, we set that up so you could triangulate among three access points. So, on a given floor we may have 30-plus access points. The problem was signal strength. We had so much bleed that we had problems with devices dropping and degradation of VoIP. And RFID just did not work because there was so much signal strength that an RFID tag would beacon to almost 30 devices. So, the control system couldn't identify where that device was.

The  fix  was  to  basically  resurvey  each  floor 
not  just  horizontally  but  vertically  to  see  what 
bleed  we  were  getting  between  floors,  and  the 
signal  strength  throughout  the  horizontal  floor. 
We  changed  the  signal  strength  and  also 
See  Rush  University,  page  30 


Getting Personal: Karl Oder

Title: Senior director

Organization: Rush University Medical Center

Responsibilities: Requirements gathering, review and approval of software and hardware for the university and hospital.

Annual IT budget: $10 million

Number of IT staff: 160

Education: Master of Science in Engineering, University of Illinois at Chicago

Previous jobs: At Rush for 10 years in a number of positions from entry-level programmer, Unix system administrator and network engineer, to director.

First computer: Commodore 64.

Home network: Category 5 cabling to every room along with a wireless router supporting three computers, a home-automation system capable of turning lights on and off, an alarm system, and 5M cable Internet connection.

First Internet experience: "Using a mainframe at the University of Illinois at Chicago for research and mail, using Gopher and that kind of thing — the text-only Web."

Words to live by: "Life is all about learning."

Rush University

continued from page 28

changed the channels for each one of the access points for VoIP. We're finishing that up now, and it seems to stabilize the infrastructure quite a bit for VoIP, data and RFID.

How  has  the  wireless  network  changed  the 
way  doctors  and  other  staff  work? 

KO: They are able to provide better care. They get real-time, up-to-date information as opposed to the old way, where you had a paper record and that record may be misplaced or was hard to find. And the information was not necessarily kept up to date. The EMR and the wireless system allows them to see the patient's information right at the patient's bedside, and share that information with the patient more effectively.

Does  the  EMR  system  improve  accuracy? 

Yes,  and  it  improves  patient  safety. 
Medication  administration  is  much  safer  with 
an  EMR.  There  are  no  transcription  errors.  The 
communication  with  the  pharmacy  is  through 
the  computer,  so  there  are  fewer  callbacks. 
And  when  they  administer  medication,  nurses 
check  the  patient’s  wristband  to  determine  it’s 
the  correct  patient,  using  a  bar-code  reader. 
And  the  medication  list  is  instantly  upgraded 
whenever  a  physician  changes  a  patient’s 
medications. 

Are  doctors  able  to  see  more  patients  now? 

Whenever you get a new system, initially it slows everybody down. But we've been at this for over a year now, and it is actually helping everybody be more efficient. There's less information that they have to chase down; it's just in the computer, so they don't have to look for the information.

What  other  benefits  do  you  derive  from  the 
wireless  network? 

The RFID system is helping our clinical engineering staff who take care of infusion pumps and other medical devices to locate devices, to bring them back for service. Before, it was hard to locate the pumps at the correct time. It's a regulation that they have to be serviced every so often.

Were  you  having  a  problem  with  equipment 
being  lost  or  stolen? 

Well, yes — disappearing, let's put it that way. You don't know whether it was stolen or left in an ambulance when it shouldn't have been. With RFID, we know when it goes out the door, and the system can record that the equipment left on this ambulance and is going to this location, so you can ask for it back.

We also have a few floors that are using wireless IP phones for communication, so they're able to better communicate with each other. Out at Oak Park Hospital, it's tied in to the nurse call system, so the nurse gets the calls on the VoIP phone and she can immediately call the patient and see what they need without having to go to the room. Previously [the patient's call] would go to the nurse station, and there's also a light in the hall. Then the nurse would have to go down the hall into the patient's room to talk to the patient.

Do  you  have  plans  to  expand  that  to  other 
hospitals? 

Yes, we have plans to expand that
campuswide. Rush is going through a
transformation. We’re building new buildings and
upgrading infrastructure in existing buildings. That’s
underway right now.

If  you  had  it  to  do  over  again,  what  might 
you  do  differently  with  respect  to  each  of 
your  wireless  efforts? 

We  should’ve  done  more  thorough  testing 
prior  to  the  rollout  of  the  EMR  system.  That’s 
the  biggest  thing.  We  would’ve  been  able  to 
spot  these  problems  with  too  much  coverage 
and  the  ability  of  the  cards  to  hand  off 
between  access  points,  things  like  that. 

Any  advice  for  others  who  are  looking  at 
big  wireless  rollouts? 

AB:  Instead  of  deploying  access  points  out 
to  the  floors,  centralize  them  in  the  closet  and 
then  deploy  antennas  in  a  distributed  antenna 
system.  That’s  something  we’ll  be  looking  at, 
but  the  RFID  portion  is  still  not  quite  there. 

KO: That’s a good point. The wireless we
deployed here is totally 802.11. As you move
into the future, cellular data services are
becoming more important. So, [we’d like to
have] an antenna system that would be
able to provide for the cell data services, as
well as the emergency-services frequencies
and anything else that comes along.
Doctors carry BlackBerries around with
them, and right now we’re not providing
that service.

AB: Full coverage and full integration of
mobility is what you’re trying to get to. You can
use a cell phone that works on VoIP or wireless
802.11 and also works on a cell network. So, if
you run into a place that doesn’t have cell
coverage, it jumps on the VoIP network; and when
you run into a place that has cell, it’ll jump
back on the cell.

KO: You don’t want separate antenna
systems for each of these systems because there’s
limited room in the ceiling. And these
antennas are located in the patient rooms; having to
go into a patient room is a big problem
because you have to shut down the room in
order to replace the antenna or upgrade the
system.

So,  is  that  a  future  plan,  to  implement  a 
distributed  antenna  system? 

Yes,  it  is.  It’s  a  future  plan  in  the  new  building, 
and  as  we  remodel  old  buildings  we’re  going 
to  reassess  what  we  have.  This  will  be  a  few 
years  from  now,  so  we’ll  have  a  better  idea  of 
what the technology is out there and it’ll
probably be time to replace what we have now.

Anything  else  you  want  to  add? 

The  most  important  takeaway  is,  we  had  a  lot 
of  support  from  the  user  community  here  in 
implementing  these  systems.  It  wasn’t  really  an 
IT win, it was a win based on user
commitment and the whole institution coming
together to deploy these things.

Desmond is events editor for Network World
and president of PDEdit, an IT publishing
company in Southborough, Mass. Reach him at
paul@pdedit.com.
INFRASTRUCTURE LOG

_DAY  45:  Too  many  servers.  Too  many  cables.  Too  much 
time  and  money  spent  running  a  growing  list  of 
applications.  We’re  getting  consumed  by  complexity! 


_DAY  46:  I  decided  to  consolidate  everything  with  IBM 
BladeCenter.® Its ability to run Windows®, Linux®, UNIX®
and  IBM  i  makes  it  the  smartest  way  to  optimize  our  IT. 
Now  we  can  run  almost  any  current  or  future  application 
using  only  one  chassis,  one  management  system.  This  will 
help  us  save  a  bundle  on  energy  and  management  costs. 

_DAY  47:  Gil  volunteered  to  help  IBM  recycle  our  old  cable 
spaghetti.  He  said  not  to  worry — he  was  on  top  of  it. 


See  why  companies  of  all  sizes  are  tossing  out  their  cables  for  IBM  BladeCenter: 

IBM.COM/TAKEBACKCONTROL/BLADES 


IBM,  the  IBM  logo,  ibm.com,  BladeCenter  and  Take  Back  Control  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States,  other  countries, 
or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law
trademarks  owned  by  IBM  at  the  time  this  information  was  published.  Such  trademarks  may  also  be  registered  or  common  law  trademarks  in  other  countries.  A  current  list  of  IBM  trademarks  is 
available  on  the  Web  at  “Copyright  and  trademark  information”  at  www.ibm.com/legal/copytrade.shtml.  Microsoft  and  Windows  are  trademarks  of  Microsoft  Corporation  in  the  United  States,  other 
countries,  or  both.  Linux  is  a  registered  trademark  of  Linus  Torvalds  in  the  United  States,  other  countries,  or  both.  UNIX  is  a  registered  trademark  of  The  Open  Group  in  the  United  States  and 
other  countries.  Other  company,  product,  or  service  names  may  be  trademarks  or  service  marks  of  others.  ©2008  IBM  Corporation.  All  rights  reserved. 


Video  for  memory,  a  book  for  faults 


Perhaps  I’m  just  getting  older,  but  I  find  I 
need  to  keep  notes  about  everything.  I 
used  to  effortlessly  remember  anything 
that  mattered,  but  alas  those  days  are  gone  and 
now  I  find  it  tricky  remembering  what  day  it  is 
and  what  I  had  for  breakfast. 

So when I was sent a cool gadget, a tiny solid-
state video camera called the Flip Mino, I
realized I had a solution to my dwindling memory.
At roughly 4 by 2 inches and only about three-quarters of an inch
thick, the 3.3-ounce Mino is, as its name suggests, really tiny. Because the
Mino is so sleek it is easy to drop in your pocket and carry it everywhere
as a sort of super note taker.

The  Mino  stores  up  to  one  hour  of  video  and  remarkably  good  audio 
on its internal 2GB flash drive. Videos are in 640-by-480-pixel MPEG4 AVI
format  at  30  frames  per  second,  and  it  can  operate  at  light  levels  as  low 
as  2.0V/lux-sec  with  automatic  low-light  detection. 

One  of  the  things  that  makes  the  Mino  really  cool  —  and  unusual  — 
in  the  annals  of  gadgetry  is  that  it  almost  doesn’t  need  any  cables  (the 
only cable you need, which is included, is for playing videos on
external displays).

To  download  video  content  or  recharge  the  Mino  you  simply  slide  a 
button  on  the  side  of  the  device  and  out  pops  a  built-in  USB  connector. 
You  then  plug  the  Mino  into  a  PC  USB  socket  to  charge  it  and,  because 
the  Mino  looks  to  your  machine  like  any  other  USB  mass  storage 
device,  you  can  grab  the  video  files  from  it  with  any  tools  you  like. 

The Mino comes with software on its internal storage and includes
viewing and editing applications for both OS X and Windows. You can
delete the software from the device to increase your recording time, but
the beauty of leaving it is you can then use any PC to view and edit your
videos (the battery is good enough to record at least double the
camera’s one-hour record time, which allows for editing, erasing and
re-recording). The software also supports sharing videos by e-mail and
online services such as AOL Video, YouTube and MySpace.

As  I  noted,  the  video  quality  is  very  good,  but  while  the  lens  is  pretty 
fast (f/2.4 so low-light shots are good) the fixed focus lens (1m to
infinity) doesn’t provide a wide enough field of view, particularly for interiors.

My  big  complaint  about  the  Mino  is  the  fixed  internal  storage  —  you 
don’t  want  to  have  to  run  to  a  PC  if  you’re  out  and  about  and  have  filled 
up  the  device.  If  the  Mino  could  use  removable  storage  cards  I’d  love  to 
try  it  with  the  Eye-Fi  card  I  reviewed  a  few  weeks  ago,  which  wirelessly 
and  automatically  transfers  stored  content  to  online  services. 

But  here’s  the  thing:  You  get  the  Mino  with  all  of  these  features  for 
$180, which is an amazing value. I’ll give the Flip Mino 4 out of 5. That’s
if  I  remember. 

The other thing I do remember that I wanted to mention this week is
a  terrific  book:  Fuzzing  for  Software  Testing  and  Quality  Assurance,  by 
Takanen,  DeMott  and  Miller.  Fuzzing  is  a  software  testing  technique  that 
involves  injecting  faulty  data  in  an  attempt  to  find  ways  that  a  given 
application  can  fail. 

The  idea  is  that  software  with  bugs  is  possibly  vulnerable  to  hacking 
and will behave unpredictably to unexpected inputs. This book
discusses the whole concept of software testing and then explains how
fuzzing fits in, and what tools and techniques are available for
developers and QA engineers to apply the technique. In the age of Web
applications, fuzzing takes on extra importance in hardening business
processes. Fascinating and quite readable. 4½ out of 5.
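The technique the column describes, in a small worked example added here (it is not from the book or from Network World): a mutation fuzzer feeds faulty variants of a valid input to a constructed, deliberately sloppy record parser, reports the unexpected failures it triggers, shrinks one failing input to a short reproducer, and then shows a hardened parser that rejects the same inputs in a controlled way. The record format, both parsers and all function names are assumptions made for this example.

```python
"""Mutation fuzzing in miniature.  Added illustration, not code from the
book or from Network World; the record format, both parsers and the bug
in the first parser are all constructed for this example."""
import random
import struct

# Constructed target format: 1-byte name length, name (ASCII),
# 2-byte big-endian value length, value.  SEED is one valid record.
SEED = b"\x03key" + struct.pack(">H", 5) + b"hello"


def parse_record(data: bytes) -> dict:
    """Deliberately sloppy parser: it trusts the length bytes it reads.
    Fed unexpected input it dies with IndexError, struct.error or
    UnicodeDecodeError instead of rejecting the input cleanly."""
    name_len = data[0]                                   # IndexError on empty input
    off = 1 + name_len
    value_len = struct.unpack(">H", data[off:off + 2])[0]  # struct.error if short
    return {"name": data[1:off].decode("ascii"),         # UnicodeDecodeError on 0x80+
            "value": data[off + 2:off + 2 + value_len]}


def parse_record_checked(data: bytes) -> dict:
    """Hardened version: every length is validated before use, and the
    only way it fails is a ValueError the caller is expected to handle."""
    if not data:
        raise ValueError("empty record")
    off = 1 + data[0]
    if len(data) < off + 2:
        raise ValueError("truncated name or value-length field")
    value_len = struct.unpack(">H", data[off:off + 2])[0]
    if len(data) != off + 2 + value_len:
        raise ValueError("value length does not match record size")
    try:
        name = data[1:off].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("name is not ASCII") from None
    return {"name": name, "value": data[off + 2:]}


INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)   # boundary bytes worth injecting


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random 'faulty data' transformation to a known-good input."""
    buf = bytearray(data)
    choice = rng.randrange(5)
    if choice == 0 and buf:                           # flip one bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:                         # overwrite with a boundary value
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif choice == 2:                                 # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif choice == 3 and buf:                         # delete a byte
        del buf[rng.randrange(len(buf))]
    else:                                             # truncate
        buf = buf[:rng.randrange(len(buf) + 1)]
    return bytes(buf)


def fuzz(target, seeds, iterations, expected=(ValueError,), seed=0):
    """Run `target` on mutated seeds.  Exception classes in `expected` are
    the parser's own controlled rejections; anything else is a finding.
    Returns {exception class: shortest input that triggered it}."""
    rng = random.Random(seed)                         # fixed seed: reproducible runs
    corpus = list(seeds)
    findings = {}
    for _ in range(iterations):
        sample = mutate(rng.choice(corpus), rng)
        try:
            target(sample)
        except expected:
            continue
        except Exception as exc:                      # unexpected failure = bug
            kind = type(exc)
            if kind not in findings or len(sample) < len(findings[kind]):
                findings[kind] = sample
    return findings


def minimize(target, sample: bytes, kind) -> bytes:
    """Greedy shrink: drop bytes one at a time as long as the same
    exception class still occurs, so the report carries a small reproducer."""
    i = 0
    while i < len(sample):
        candidate = sample[:i] + sample[i + 1:]
        try:
            target(candidate)
        except Exception as exc:
            if type(exc) is kind:
                sample = candidate                    # still reproduces: keep the cut
                continue
        i += 1                                        # cut lost the bug: keep byte i
    return sample


if __name__ == "__main__":
    found = fuzz(parse_record, [SEED], 2000)
    for kind, sample in found.items():
        print(f"{kind.__name__:>18}: {minimize(parse_record, sample, kind)!r}")
    print("hardened parser findings:", fuzz(parse_record_checked, [SEED], 2000))
```

The sloppy parser yields three distinct failure classes within a couple of thousand iterations; the hardened one yields none, which is the pass criterion a QA team would wire into a regression suite.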

Gibbs  has  fuzzy  memory  in  Ventura,  Calif.  Remind  him  at 
gearhead@gibbs.com.


Three  quick  gadget  hits 


The  scoop:  PowerDock,  by  Griffin  Technology, 
about  $50. 

What  it  is:  A  charging  base  station  with  two 
Universal  Dock  charging  ports  designed  to  fit 
any  iPod  or  iPhone  models  that  charge  through 
the  dock  connector  (most  new  models).  The 
charging  base  plugs  into  any  standard  120-volt 
AC  outlet.  The  system  offers  two  charging  slots, 
but  one  is  coming  soon  (for  about  $70) 
that  offers  four  charging  slots. 

Why  it’s  cool:  For  individuals  or  families  who  own 
multiple iPods and/or iPhones, this
charging dock lets you simultaneously recharge
both  devices  without  having  to  manually 
switch  devices.  This  also  is  beneficial  if  you 
find  yourself  limited  on  power  outlets. 

Some  caveats:  The  charging  function  is  the 
only  function  of  the  PowerDock;  for  a  little 
more  money  you  can  probably  find  a  device 
that offers a speaker/charging combination,
although you would be back to switching devices.

Grade:  ★★★  (out  of  five). 




The  scoop:  FlexTune,  by  Macally  Peripherals, 
about  $70  (coming  soon). 

What it is: Speaking of combination charging/speaker systems for the
iPod, this is one such device. The portable stereo speakers designed for
iPods include a docking port that doubles as a recharging port. The
system is very small and portable, and runs on AC power or four AA
batteries (good for travel without the power cord).

Why it’s cool: The sliding speaker design lets you move the speakers
horizontally, extending the speakers out from the base. If you have a
video iPod (or iPhone), you can watch videos in widescreen mode
(there’s a charging slot next to one of the speakers for horizontal
viewing). The tiny size is very appealing for travel purposes; many other iPod
speaker systems are too big for travel.

[Photo caption: FlexTune allows for widescreen video viewing.]

Grade:  ★★★★ 

The  scoop:  DXG-567V  HD  high-definition  digital  video  camera,  by 
DXG USA, about $120 (Amazon.com).

What  it  is:  A  competitor  to  the  Flip  video  camera,  the  DXG-567V 
is  a  handheld  digital  video  camera  that  can 
record  high-definition  video  content  directly  to 
an SD memory card (not included). The device
includes a 5-megapixel video sensor and can
record video up to 1,280-by-720 resolution at 30
frames/sec. 

Why  it’s  cool:  The  ability  to  shoot  quick  videos 
in  the  palm  of  your  hand  without  needing  a  tape 
camcorder  is  nice,  especially  for  spur-of-the- 
moment  events  or  even  as  a  “video  blogging”  tool. 
The  video  quality  seems  better  than  video 
recorders  from  a  cell  phone,  but  still  not  as  good  as 
a  camcorder. 

Some caveats: You’re going to get a lot of shaky
video, as there’s no image stabilization. Focusing on
close objects also is an issue; this seems designed more for shooting at
greater distances (such as at a soccer game or dance recital). This won’t
shoot good video in low light or very bright light, either.

Grade:  ★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 
firm with more than 1 million customers,
15,000 employees and a presence in 80
countries, according to Siemens. The Siemens unit is
the  No.  4  vendor  worldwide  in  enterprise  VoIP 
systems,  behind  Cisco,  Avaya  and  Nortel, 
according  to  Dell’Oro  Group. 

Enterasys  in  February  said  it  was  looking  to 
acquire  companies  that  would  take  it  to  the  $1 
billion  plateau  in  annual  revenue  in  order  to 
be  a  more  formidable  competitor  to  Cisco  in 
the  enterprise  (the  company’s  annual  revenue 
was in the $350-million ballpark). Until now, the
Enterasys  VoIP  strategy  consisted  only  of  a 
series  of  interoperability  partnerships  with 
other  vendors. 

The  deal  gives  Enterasys,  a  maker  of  security- 
enabled  LAN  switches,  a  wealth  of  unified 
communications  and  VoIP  infrastructure  and 
applications.  Siemens’  HiPath  and  OpenScape 
unified  communications  offerings  are  among 
the leaders in that market, according to
Enterasys CEO Mike Fabiaschi.

“Thirty-five  percent  of  the  time,  if  somebody’s 
looking  at  a  data  network  infrastructure,  they’re 
also  looking  at  a  VoIP  or  a  video  application,” 
he says. “Scale and brand were a big deal to a
company  like  ours.  Clearly,  this  accomplishes 
the  scale  and  the  brand.” 

Enterasys  customers  should  be  encouraged 
by the move, analysts say.

“Enterasys has pretty much remained silent
for quite a long time,” says Rob Whiteley, a
principal analyst at Forrester Research. “Given some
of the financial-viability concerns, a lot of
current customers wanted any sign that there was
light  at  the  end  of  the  Gores  Group  tunnel. 
Siemens  provides  the  brand,  some  cash  and  a 
promise  for  a  more  stable  revenue  stream.” 

Even  so,  there  are  some  caveats,  according  to 
Zeus  Kerravala  of  The  Yankee  Group.  Siemens 
has  a  professional  services  group  that  does  a 
significant  amount  of  business  with  Cisco  and 
Cisco  customers,  and  the  Siemens’  HiPath  and 
OpenScape  IP  telephony  systems  most  often 
ride  on  Cisco  networks. 

“Siemens  has  got  to  be  careful  how  much 
they  position  Enterasys  as  part  of  the  [VoIP] 
solution,” Kerravala says. “That could be a
deterrent” for enterprises heavily entrenched in
Cisco  infrastructure. 

Elwyn  Hull,  the  outgoing  president  of  the 
Siemens  user  group  in  the  United  States,  says 
the  University  of  Texas  Southwestern  Medical 
Center  in  Dallas  where  he  works  is  a  Cisco 
shop  and  will  take  a  wait-and-see  approach  to 
the Enterasys gear. As for the deal itself,
however, the director of telecommunications and
Siemens HiPath 4000 real-time IP
communications-platform customer has high hopes.

First, the deal ends two years of worry that the
Siemens division would be sold off to a
company that would not develop and support the
gear, which Hull hopes lasts 10 years. “Now it
looks like fear of the product line going away is
gone,” he says. (Siemens had been looking to
sell its Enterprise Communications group ever
since it spun off its carrier communications
business to a joint venture with Nokia.)

BY THE NUMBERS

Enterasys grabbed just 1.1% of the
$4.5 billion worldwide Ethernet-
switch market in Q1 (Cisco ruled
with 72.1%), while Siemens ranked
No. 4 in VoIP equipment/software
with 7% of that $1.56 billion market
in Q1 (Cisco was No. 1 with 25.8%).
Source: DELL’ORO GROUP

Second, the deal brings in SER Solutions,
which makes contact-management software
that, integrated with Siemens’ Pro Center ACD
for call centers, could add valuable features. It
could allow the medical center to automate
outbound calls to patients reminding them of
appointments and treatments, and to give
students instructions in emergencies, Hull says.

Third, basing the joint venture in the United
States will make sure that whatever new
products it comes up with will be geared to the
North American market, Hull says.

The joint venture has the right to use the
Siemens brand, but it has not yet been
determined if the Enterasys brand will be retired,
Enterasys officials say. It is also unclear what
operational role — if any — Enterasys
management will have in the joint venture, but it
will be operated by Gores.

Siemens products, such as the OpenScape
UC Server, will remain an integral part of the
portfolio; and support and upgrades for such
products as HiPath 3000 and HiPath 4000 are
to be continued for the long term, the
companies say. ■


Campus

continued from page 12

and search, without spam headaches or
downtime. It saved ASU about $400,000 per year in IT
infrastructure costs, according to Adrian
Sannier, ASU’s university technology officer.

“Your [IT] people are saying, ‘we can do it,’”
Sannier told the opening-day audience this
week at the Campus Technology 2008
conference. “And they can. They can build pyramids,
too.” His voice rose dramatically: “But there’s no
money in it!”

The idea, Sannier told his audience, is “to get
someone else to do it. Someone really big.”

Google and Microsoft offer a somewhat
customized version of a Web portal with services.
Both can create an extension to their
respective e-mail domain with the school’s name, for
example, studentname@gmail.schoolname.edu,
although for some customers there’s no
visible change. When students graduate, the
school notifies Google or Microsoft, which
then ends the student account, while offering
the student the option to continue with a free
or paid “post-graduate” online service.

Drexel University earlier this year launched
a pilot to give some of its 20,000 students a
choice of four e-mail systems: its own
Exchange-based enterprise e-mail, Gmail,
Microsoft Windows Live Hotmail and
Microsoft’s Exchange Labs, which is a pilot
program for online, Exchange-based hosted
e-mail launched about six months ago and
based on what will be the Exchange 14.0
release. Schools can create mailboxes that
use the e-mail and calendar features of the
Outlook Web Access client, Web-based self-
service management, and the features
associated with a Windows Live ID.

There now are 863 Gmail accounts and 255
Hotmail accounts, with far fewer for Exchange
Labs. For now all Drexel students are still
issued a Drexel-based e-mail account for
official communications, says Drexel CIO John
Bielec. The university plans a full-scale rollout
of the program this fall.

“Any service you currently offer, [companies
like] Microsoft, Google, Yahoo and others will
offer,” Bielec says. “It doesn’t make sense to be
in those businesses.”

In Google’s case, besides Gmail there are
Google Docs, for online creating and sharing
of documents, spreadsheets and
presentations; and Google Sites, which lets users build
simple group Web sites and add and share files
and attachments of all types. Also part of the
package are APIs that link into back-end
services or applications, such as directories and
single-sign-on programs; and round-the-clock
online and phone tech support.

Google-izing such services is controversial
on campuses, although not with students.
Abilene Christian University (ACU) in Abilene,
Texas, outsourced e-mail to Google in March
2007, after CIO Kevin Roberts struggled to deal
with faculty and staff objections to the
proposal, including the two most frequently and
fiercely cited by opponents: security and
privacy. Roberts laid out Google’s privacy policy
and the proposed contract with ACU, already
vetted by the school’s legal counsel.

Roberts also told critics they were “grossly
mistaken” if they believed that ACU’s own Sun-
based e-mail system involved zero security
risk, a point echoed by ASU’s Sannier. “You’ve
just got to get over the idea that you, your Ma
and your 10-gauge are keeping your data more
secure than Google is,” he told his audience.

ACU is saving about $100,000 a year on
software licenses and hardware. A full-time
programmer has been reassigned from e-mail to
implementing a new project around the Apple
iPhone, which would have been impossible
otherwise, Roberts says. And the entire
university community is on the receiving end of a
continuous stream of new Google apps.

“You don’t get too many ‘no-brainer’
decisions in your career,” Roberts says. “But this was
one of them.” ■
Microsoft: Still a business of threats?


The  obvious  thought  came  to  me  while 
writing  last  week’s  column  that  about  the 
only  folk  (other  than  the  deluded  and 
amoral  management  of  the  SCO  Group)  that 
want  the  SCO  Group  effort  attacking  Linux  and 
other  open  source  initiatives  to  succeed  is 
Microsoft.  So  I  decided  to  explore  that  side  in 
this  follow-up  column,  but 
a  bit  of  reading  led  me  to 
the  conclusion  that  things 
are  not  as  simple  as  they 
appear. 

For  years  Microsoft  has  been  claiming  that 
Linux  has  been  stealing  its  intellectual  property 
rights  (IPR,  i.e.,  patented  technology). 

The obvious, and sometimes stated, intent of this was to make
corporate IT buyers decide that Microsoft technology was the legally safe
way to go because there might be lawsuits in the wings. This Microsoft
effort  has  seemingly  attempted  to  exceed  the  effort  by  The  SCO  Group 
in  the  sleazy  department. 

Microsoft  claimed  that  the  Linux  development  community  was 
knowingly stealing Microsoft IPR and broadly implied that Microsoft
might come after Linux users some day. However, Microsoft did not
spell  out  what  the  technology  was  so  that  the  Linux  community  could 
stop  “violating”  Microsoft’s  rights. 

While  researching  for  this  column  I  belatedly  figured  out  that  a  year 
and  a  half  ago  Microsoft  took  what  appears  to  be  another  tack.  It 
released  the  Microsoft  Open  Specification  Promise,  an  irrevocable 
promise  that  says  anyone  can  “make,  use,  sell,  offer  for  sale,  import,  or 
distribute” any software that implements any of a long list of
specifications that might infringe on Microsoft IPR and Microsoft will not sue
them. That is, unless the maker sues Microsoft first over Microsoft
implementing  the  same  specification.  No  licenses  are  needed  —  just 
don’t  sue  them.  And,  more  recently,  Microsoft  announced  that  it  was 
supporting  the  Apache  Software  Foundation. 

Microsoft’s good-sized list includes about 135 RFCs, six IETF Internet
drafts and more than 120 non-IETF specifications. The aim, according
to Microsoft, is “to reassure a broad audience of
developers and customers that the
specification(s) could be used for free, easily now
and  forever.”  Good  stuff,  as  far  as  it  goes. 

I  am  puzzled  by  some  of  the  specifications  on 
the  list  that  predate  Microsoft’s  interest  in  the 
Internet. In fact, they predate any U.S. patents
listed on the Patent Office Web site as being
assigned to Microsoft, so I do not know how the company could have
IPR  that  applies  to  it.  Also,  the  list,  while  large,  is  not  universal. 

I  haven’t  seen  an  announcement  from  Microsoft  that  it  was  no 
longer  going  to  threaten  Linux  users  with  patent  problems  —  the 
company  was  still  threatening  a  year  after  the  Open  Specification 
Promise was published, so it does not seem to have changed stripes
entirely.  I  haven’t  seen  an  overt  threat  from  Microsoft  in  a  while,  but  it 
would  be  nice  if  the  company  would  simply  get  out  of  the  business 
where  it  refuses  to  say  what  a  threat  is  based  on. 

Disclaimer:  I  haven’t  seen  Harvard  running  a  threat-based  business 
nor  seen  any  opinion  from  the  university  about  those  that  do,  so  the 
above  mixed  response  is  from  me. 

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 
Crafting a WAN? Consider the edges


Many  IT  executives  consider  the  WAN  to 
be  a  monolithic  entity:  a  giant  network 
that  connects  all  the  organization’s  sites 
across  a  common  infrastructure. 

They couldn’t be more wrong. Broadly
speaking, in the typical organization there are three
main categories of connectivity. Really big sites
(such as data centers) that generate tons of
traffic require fat pipes, low latency and multiple
layers of redundancy as I discussed in a
previous column (www.nwdocfinder.com/6026).

Often,  companies  use  optical  circuits  or 
point-to-point  Ethernet  to  interconnect  data 
centers,  because  of  these  requirements. 
Headquarters sites may also qualify as “really big,” depending on how
much traffic they generate. But they may not: less traffic is sourced
from headquarters as servers are moved away to data centers. Similarly,
contact center sites require high reliability and moderate bandwidth
(those thousands of calls need to get through, but they don’t consume
as much bandwidth as you might think). So again, contact centers may
or may not qualify as really big. Either way though, these sites are
special cases.


There also are the ordinary sites: headquarters facilities and branch
and distributed offices of various flavors. These
are the sites that IT folks generally think of as
comprising the WAN. Depending on the type
of organization, there may be a half-dozen of
these sites, or thousands, and they could be
geographically dispersed or close by. And
their bandwidth requirements vary radically.
Retail companies, for example, are famous for
having thousands of sites around the country (or world), with middling
requirements for connectivity at each. Universities may have only a
half-dozen buildings scattered around a campus, but with high
bandwidth requirements.

But the real challenge that trips up IT execs, more often than not, is
the “everything else” category: full- or part-time telecommuters, branch
offices in remote locations that can’t connect to the main WAN, and
mobile services.

Not only are these edge sites the trickiest to manage, they can also
generate as much as 40% of the overall WAN cost. Worse, branch-office
support can consume as much as 35% of all IT support costs.

Some good tips for managing the WAN edges:

• Confront the issue. Don’t try to handle, say, telecommuters on a
case-by-case basis. Have a standard supported configuration, train staff
in common issues, and work with human resources to understand
users’ requirements for support (even when the organization isn’t
paying for the services).

• Centralize. I’ve said it before, but the best approach to a mobility
policy is to handle all voice and data mobile services under a single
contract (or small number of contracts, if geographic reach is an
issue). Don’t let individuals or business groups select or manage their
own telco providers.

• Get creative. One way to simplify access for remote, mobile, and
traveling workers is equipping PDAs with
EVDO and VoIP — eliminating the need for
cellular service altogether.

Johnson is president and senior founding
partner at Nemertes Research, an independent
technology research firm. She can be reached
at johna@nemertes.com.
SPECIAL FOCUS: SECURITY


JERICHO  FORUM:  VISIONARIES 
WITH  A  VISIBILITY  PROBLEM 

After initial buzz around ‘de-perimeterization,’ group struggles to gain influence


BY  ELLEN  MESSMER 

The  Jericho  Forum,  a  group  created 
in  2004  by  IT  security  managers 
convinced  that  firewalls  and  other 
perimeter  gateways  had  become 
a  hindrance  to  e-commerce,  made 
quite  a  splash  with  its  rallying  cry 
of  “de-perimeterization.” 

The  group  coined  the  term  to  describe 
the  disappearance  of  traditional  network 
boundaries  in  favor  of  complex  online 
interrelationships that require more
innovative security approaches.

The  forum’s  controversial  views  were 
greeted  by  some  as  radical,  while  others 
found  its  message  befuddling  or  quixotic. 
And  not  much  has  changed  over  the  past 
four  years. 

The  group’s  de-perimeterization  message 
is  still  controversial,  given  how  ensconced 
the firewall is in virtually all enterprise
networks. Outside of the small world of IT
security cognoscenti, however, the Jericho
Forum  hasn’t  exactly  become  a  household 
name.  Many  in  the  user  community  and  in 
vendor  circles  say  they’ve  never  heard  of  it. 
In  addition,  membership  has  grown  very 
slowly,  standing  today  at  about  60  users  and 
vendors. 

The  group’s  impact  on  the  larger  world  of 
enterprise  security  is  debatable.  Some  say 
it’s  had  no  impact  at  all;  others  say  it  has 
triggered  an  important  conversation  about 
the  best  way  to  secure  enterprise  networks. 

“We’ve  actually  got  the  industry  talking 
about  how  we’re  getting  de-perimeterized,” 
says  forum  board  member  Paul  Simmonds, 
who  recently  joined  pharmaceutical  firm 
AstraZeneca  as  its  integrated  assurance 
director  after  a  stint  as  CISO  at  ICI,a  chemi¬ 
cals  firm. 

“Jericho  never  said  the  firewall  is  dead,” 
explains  Simmonds,  an  affable  Brit  who  has 
become  —  along  with  colleagues  Adrian 
Seccombe  of  Eli  Lilly  &  Co.  and  John 
Meakin  of  Standard  Chartered  Bank  —  the 
most  visible  CSOs  to  speak  out  about  the 
disappearing  perimeter. 

“The  firewall  isn’t  doing  you  much  good 
anymore. The  border  firewall  is  obsolete  or 
in  a  period  of  transformation.  The  firewall 
will  morph  into  more  of  a  protocol-based 
firewall  or  an  identity-based  firewall,” 
Simmonds  adds. 


But after four years of public events at such security shows as RSAs, as well as the publication of numerous white papers, blueprints, commandments and other documents, the group is still regarded in some quarters as obscure, irrelevant or even quirky.

“They haven’t captured the imagination of the software world,” says Dick Mackey, vice president at consultancy SystemExperts. “Is Jericho Forum having an impact outside its own borders? Not yet.”

“A vision of the future that assumes everything can protect itself is great if that future ever happens — but until then, network security will generally lead the way,” says Gartner analyst John Pescatore, adding that the Jericho Forum doesn’t appear to have had a major impact on anything over the course of its existence.

Sometimes the rules that influential standards groups come up with seem to work against the principles espoused by the Jericho Forum. For example, the first rule companies must follow to comply with the standards of the Payment Card Industry Security Standards (PCISS) Council is that they must have a firewall.

And Bob Russo, PCISS’ general manager, said in a recent interview that he’d never even heard of the Jericho Forum. He added that if he understood the forum’s objections to firewalls and what alternatives there might be, the council might consider changing the firewall rule.

Simmonds acknowledges one of the biggest problems the Jericho Forum faces is “oddball regulations” that run counter to its vision of progress.

Even more disconcerting is the fact that in some cases the group isn’t having much impact among some of its own members.

John Bratkovics, global head of networks, voice and collaboration for Europe-based investment firm Dresdner Kleinwort, a Jericho Forum member, says he’s vaguely aware of Jericho but he’s not directly involved with it because it remains in an area managed by others.

That’s not to say the Jericho Forum isn’t gaining some traction. Two-thirds of its members are users. The rest are vendors, including such major players as Symantec and EDS.

In addition, representatives from Microsoft, Oracle and Juniper Networks, among others, routinely attend the forum’s monthly meetings in such places as London, New York and San Francisco. Sometimes they’re given an audience to discuss their product development; sometimes they just listen, trying to get a bead on what the forum really wants.

This isn’t necessarily easy, because the group elaborates its vision at a pretty abstract level. The latest Jericho publication is a position paper titled “Collaboration-Oriented Architectures” (COA), authored primarily by Eli Lilly’s Seccombe.

The document describes a future online contract-management repository that includes a “reputation repository” that can record a user’s actions and compare them with applicable contracts and be audited.

Seccombe, who discussed the COA framework last April in San Francisco as it was first published, said that although COA doesn’t exist today as embodied in IT products, there are many companies, including Eli Lilly, which need COA-like software systems to manage efficiently the multitude of collaborative relationships among customers, manufacturers and in outsourcing. Simmonds says Jericho plans more on COA this fall.

“Generally speaking, they’re doing a good job in explaining how the network looks today and how it can look in the future,” says Brian Lazear, Juniper’s director of product management, who attended a Jericho Forum meeting earlier this year. “They’re trying to create nimbleness in the network.”

Lazear acknowledges, however, that “it’s difficult to have the access control and support the goals you want without the legacy firewall,” adding that Juniper’s strategy centers on its Unified Access Control technologies based on the Trusted Computing Group’s open standards for network-access control.

(Sidebar: Jericho Forum’s 11 commandments)

Success stories

A few vendors, however, say they get Jericho Forum’s message loud and clear. Start-up Rohati Systems and Palo Alto Networks have introduced security products directly inspired by its foundational ideas.
Kurt Plowman, CTO for the Staunton City, Va., municipal government, has never heard of de-perimeterization. But his views about the traditional firewall mirror those of the Jericho Forum, which he also hasn’t heard of.

“The complexity of the network has grown over the last 10 years, and I haven’t seen the firewall manufacturers make that change,” says Plowman, who adds that this past spring he investigated firewall choices and was disappointed. “I don’t care about ports, I care about applications.”

Plowman is working on a shared-network project and Internet access with the local school system that involves phasing out older firewalls. He decided to buy security control gear from Palo Alto Networks, which blocks and monitors entirely on the application level.

Forum member Rohati Systems is convinced the firewall “is not capable of doing its job today from an access-control perspective,” says the vendor’s president and CEO Shane Buckley. Rohati’s offer also focuses on application use and is designed for application Layer 7-based entitlements management.

Some security consultants say the Jericho Forum is playing an important role by seeking to bring together users and vendors to articulate a vision for security in a world where de-perimeterization is not just a concept but a reality. The forum provides a place where that discussion can occur among CSOs and IT managers who may not otherwise have a way to do that.

“Businesses are being extended into each other,” says Rena Mears, who leads the security and privacy services group at Deloitte LLP. “They’re becoming integrated with each other. This is a group of people starting to talk about strategies around data protection for that.”

“De-perimeterization is not a recommendation, it’s the identification of a problem, a problem that needs to be solved,” says Burton Group analyst Dan Blum, who attended the Jericho Forum’s July meeting in London where the COA concept was discussed.

Blum says the Jericho Forum still is perceived by some as “advocating organizations just tear down their firewalls.” But that’s not the basic message at all, he notes.

Still, the Jericho Forum has a visibility problem and needs to “make sure they’re received positively, constructively and not negatively,” Blum says, adding that their core concepts, such as COA, are coming to fruition and industry should be more involved. “The COA vision contains good guidelines and principles for organizations to use,” he says.

Even among those who haven’t heard about Jericho Forum, the concept of de-perimeterization sometimes holds quick appeal.

“I have to agree that the firewall is not as useful as it used to be,” says Lou Jackson, IT manager for accounting firm Considine & Considine in San Diego. “I haven’t heard of Jericho Forum, but I’d like to think they’re pulling together something more robust than what we have today.” ■

CLEAR CHOICE TEST: NETWORK INTRUSION-PREVENTION SYSTEM

Check Point IPS-1 fills a gap in company’s security product line

Strong intrusion prevention, but weak ties to Check Point mgmt. tools

BY JOEL SNYDER, NETWORK WORLD LAB ALLIANCE

Check Point Software finally has delivered some useful fruit from its December 2006 acquisition of NFR Security. In late April, the company shipped IPS-1, the first version of the NFR intrusion-prevention and -detection system to be integrated into Check Point’s own security wares. Both the IPS sensor and its management tool kit now reside on Check Point’s own SecurePlatform, a self-installing Linux-based security operating system that Check Point also uses for its other security products and management platforms.

IPS-1 does not replace Check Point’s older IPS technology, SmartDefense, at least not in the short term. Check Point firewall users looking for firewall-integrated basic threat protection with minimal management and forensics capabilities will stick with SmartDefense. For stand-alone devices, a broader range of protections, and for extensive event analysis tools, IPS-1 sensors are Check Point’s answer.

Check Point offers the IPS-1 sensor in appliance format, with its IPS-1 Sensor 100/200/500/1,000 appliances (ranging in price from $10,000 to $50,000), and as a software-only product, OpenSensor, for installation on the hardware of your choice.

We tested IPS-1 using Check Point’s IPS-1 Sensor 200C platform, a 200Mbps IPS with four ports of fail-open IPS capability for $16,000. Check Point’s SmartCenter management system costs $10,000. Existing Check Point customers with SmartCenter won’t have to pony up for a new license and can simply add IPS-1 sensors to an existing SmartCenter.

In this exclusive Clear Choice Test, we found that IPS-1 offers a strong set of IPS protections and a cutting-edge IDS in an easy-to-control package. IPS-1 still shows its IDS heritage, with a very strong set of policy and misuse detection tools, so Check Point customers looking to combine IDS and IPS functions will find this an especially compelling product line.

Although IPS-1 management now is integrated with SecurePlatform, it is not integrated with Check Point’s other security-product management tools, most notably those for firewall management.

This is a disappointing fact, because it means that one of Check Point’s best features — its strong, policy-based management — is not available to IPS-1 network managers. Existing Check Point customers will take to the familiar look-and-feel in this IPS-1 release, but the true value of Check Point’s management tools hasn’t been realized. Check Point says it does offer some log integration with its own Eventia security-information and event-management (SIEM) product, but we did not verify that claim with this single product test. (See a comparative test of SIEM products at www.nwdocfinder.com/5941.)

This lack of full integration leaves some astonishing gaps in IPS-1 management. For example, there is no built-in reporting. If you want to generate a report summarizing data from IPS-1, it’s your responsibility to track down a database to put the data into and to set up your own reporting tool, such as Business Objects’ Crystal Reports. Another critical lacuna is the lack of shared objects between firewall and IPS policies. This means that a firewall manager who has made the effort to map his network using Check Point’s powerful object-definition tools will have to start over from scratch when defining IPS policies in IPS-1.

Despite our disappointment with its lack of management ties to other Check Point products, we were impressed by the snappy performance of the stand-alone IPS-1 management system when we were viewing security IPS and IDS events. IPS-1 uses a client/server architecture, with a Windows-based client connected to a back-end management server. The client is limited to viewing 30,000 events at any moment, but because it does operate out of local memory (rather than having the server sort and combine events), it’s wonderfully fast. Compared with other Web-based IPS management tools, IPS-1 is a joy to use. The client glides through the data and updates the screen almost instantaneously for many operations.

Product: Check Point IPS-1
Vendor: Check Point Software, www.checkpoint.com
Price: $16,000 for sensor, $10,000 for management platform
Pros: Outstanding IDS analysis tools; easy deployment with appliance or software; consistent Check Point GUI; good attack detection.
Cons: Not integrated with other Check Point management; missing such advanced IPS features as DoS protection; weak target-based features.
Score: 3.78

SCORECARD

Criterion                       Weight   Score
Intrusion protection            25%      4
Analysis tool kit               25%      4.5
Network awareness               20%      3.5
IPS policy management           20%      3.5
Reporting and documentation     10%      2.5
Total score                              3.78

Scoring key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Subpar or not available.

More important than speed, however, is that the IPS-1 client gives the security analyst sufficient tools to make good use of the information provided by the sensors. As an IDS-turned-IPS, the analysis features of IPS-1 will make most security managers pretty happy. Some innovative display tools, especially the constantly updating Timeline, are excellent ways to gain instant visibility into the security posture of a network using simple visualizations and graphics. Although there are some silly gaps, such as an inability to take a detailed look at more than one event or packet at a time, any security analyst will find the IPS-1 client to be responsive, full-featured, mature and very well designed.

Check Point also has tried to put some target-based IDS features into its product by allowing the network manager to import Nessus network scans manually, then query that information while analyzing events. It would be a useful trick, but this feature is as immature as a week-old Cheddar, and will need a lot of work to be very useful to an analyst who wants to prioritize his work on vulnerable and critical systems. If Check Point does integrate IPS-1 management with firewall management, perhaps some of the criticality and exposure information available in the firewall can be shared with the security analyst.

Missing features

The IPS features of the IPS-1 are not as well developed as those of Check Point’s SmartDefense. For example, the IPS sensor doesn’t have any significant denial-of-service protections, and there are no behavior-anomaly-detection features. We found similar gaps in managing IPS policy. Linking from an event to the sensor policy and event documentation is a single click — a fantastic and speedy feature. It’s painfully tedious, however, to go the final step and manage policy — for example, adding a per-host exception to a rule, a common requirement in a false-positive-sensitive IPS environment. Check Point told us it is releasing a “hot fix” in August to help resolve this particular pain point.

We also tested the IPS-1 management system’s correlation features. These provide a simple tool that looks across alerts for common features or clusters of related alerts, and can be used in both IDS and IPS deployments. For example, we created a correlation rule that looked for a cluster of 10 attacks in less than 1 minute from our guest network to our production network; such a cluster could indicate a more concerted attempt to break into our network. Creating and using correlation rules is fairly simple, but their capabilities are simplistic enough that they didn’t seem as useful as similar tools in other IPS products.
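As an added illustration of the correlation rule described above (not code from IPS-1 or Check Point), the Python below flags a cluster of 10 or more alerts within one minute whose source is a guest network and whose target is a production network. The network ranges, the alert line format and the sample alerts are all constructed for this example.

```python
"""Alert-correlation rule: a burst of guest-to-production attacks.

Flags a cluster of at least THRESHOLD alerts within WINDOW of each other
whose source lies in the guest network and whose destination lies in the
production network. The network ranges, the alert line format and the
sample alerts are all constructed for this example.
"""
from __future__ import annotations

import ipaddress
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed ranges standing in for the guest and production segments.
GUEST_NET = ipaddress.ip_network("10.50.0.0/16")
PROD_NET = ipaddress.ip_network("10.10.0.0/16")
THRESHOLD = 10                    # alerts needed before the rule fires
WINDOW = timedelta(minutes=1)     # all of them within this span


@dataclass(frozen=True)
class Alert:
    when: datetime
    src: str
    dst: str
    signature: str


def parse_alert(line: str) -> Alert:
    """Parse a constructed alert line: '<ISO-8601 time> <src> -> <dst> <signature>'."""
    when, src, arrow, dst, signature = line.split(maxsplit=4)
    if arrow != "->":
        raise ValueError(f"malformed alert line: {line!r}")
    return Alert(datetime.fromisoformat(when), src, dst, signature)


def matches_rule(alert: Alert) -> bool:
    """True when the source is in the guest network and the target is in production."""
    return (ipaddress.ip_address(alert.src) in GUEST_NET
            and ipaddress.ip_address(alert.dst) in PROD_NET)


def find_clusters(alerts, threshold=THRESHOLD, window=WINDOW):
    """Return one (first_seen, last_seen, count) tuple per burst that trips the rule.

    Matching alerts are sorted by time and pushed through a sliding window;
    alerts older than `window` relative to the newest one are dropped from the
    front. When the window holds `threshold` alerts the burst is reported once
    and the window is cleared, so a long burst does not fire on every new alert.
    """
    matching = sorted((a for a in alerts if matches_rule(a)), key=lambda a: a.when)
    clusters = []
    recent: deque[Alert] = deque()
    for alert in matching:
        recent.append(alert)
        while alert.when - recent[0].when >= window:
            recent.popleft()
        if len(recent) >= threshold:
            clusters.append((recent[0].when, alert.when, len(recent)))
            recent.clear()
    return clusters


# Constructed sample: twelve alerts in 44 seconds from one guest host into
# production, two from an unrelated subnet, and three guest-to-production
# alerts spread over two hours that should not correlate.
SAMPLE_ALERTS = [
    f"2008-08-04T09:00:{4 * i:02d} 10.50.3.7 -> 10.10.1.20 HTTP-IIS-EXPLOIT-ATTEMPT"
    for i in range(12)
] + [
    "2008-08-04T09:00:05 192.168.1.5 -> 10.10.1.20 SMB-PROBE",
    "2008-08-04T09:00:21 192.168.1.5 -> 10.10.1.21 SMB-PROBE",
    "2008-08-04T10:00:00 10.50.9.2 -> 10.10.1.30 SSH-BRUTEFORCE",
    "2008-08-04T10:30:00 10.50.9.2 -> 10.10.1.30 SSH-BRUTEFORCE",
    "2008-08-04T11:00:00 10.50.9.2 -> 10.10.1.30 SSH-BRUTEFORCE",
]


def run_example():
    """Apply the rule to the constructed alerts; returns the clusters found."""
    return find_clusters(parse_alert(line) for line in SAMPLE_ALERTS)


if __name__ == "__main__":
    for first, last, count in run_example():
        print(f"cluster of {count} guest->production alerts between {first} and {last}")
```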

One critical feature that Check Point thankfully has left untouched from the original NFR product is the detection engine inside the IPS-1 sensor. After running — and tuning — an IPS-1 sensor on our network for two weeks, we used the same policy to see how well the IPS-1 would block server attacks from our Mu Dynamics Mu4000 Service Analyzer. The IPS-1 did extremely well, missing about 21% of the Mu4000 attacks. For comparison, in our recent unified-threat-management firewall test (www.nwdocfinder.com/5942), which used a similar methodology (although an older version of the Mu4000 software), the best-scoring product missed 24% of the Mu4000 server attacks, and the average miss rate was 70%.

For client-side attacks, the IPS-1 sensor still turned in a respectable performance, although it missed 53% of the Mu-4000 attacks — about the same as the best products in our UTM test, and 15 points better than that test’s average score.

Getting ready for prime time

This release of the IPS-1 product won’t be very exciting to anyone already familiar with NFR’s pre-Check Point Sentivist product line. However, Check Point customers looking for something better than SmartDefense, especially in the area of IDS and security visibility, will find a whole new offering that will be of immediate interest.

We would have preferred to see a better and more complete integration of the IPS-1 management system with Check Point’s existing management tool kit. Current Check Point customers applying the standards of its other security products occasionally will find themselves in abrupt and puzzling dead ends, such as no reporting and no consistent network-object list. We nevertheless think that this IPS-1 release nicely complements the features of other Check Point products.

Snyder is a senior partner at Opus One in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.


Check Point’s IPS-1 line represents the first fruit of the company’s December 2006 acquisition of NFR Security. Our test shows it provides formidable intrusion protection but doesn’t tap fully into Check Point’s policy-management tools.


How we did it

We installed Check Point’s IPS-1 Sensor 200C on our production network. The sensor has four intrusion-prevention interfaces that are paired into two sets of fail-open (or fail-closed) Gigabit Ethernet ports. Although the IPS-1 Sensor 200C has additional ports on the back that also can be used for intrusion detection, Check Point allows for only a single policy per sensor, so we stuck with the two IPS links. We inserted the IPS-1 in-line with an Ethernet link serving about 1,000 DSL subscribers, and a second link protecting a heavily used 42-server Internet server farm. In both cases, we ran the IPS-1 in “detect only” mode for two weeks before turning on blocking.

We installed the IPS-1 management server using the SecurePlatform CD onto a Compaq DL360 server with 8GB of memory and two 3.0GHz CPUs. We installed the Windows client tool on an existing Windows workstation, a single CPU 3.0GHz client with 3GB of memory.

After a one-hour training session with Check Point, we tuned the IPS for our environment. During two weeks of observation, we edited policy, analyzed events and tried to put the analysis part of the system through its paces.

After that, we turned the IPS into blocking mode, keeping careful watch on potential false positives and other interruptions to normal traffic. During two weeks, none of the users or servers being sent through the IPS logged help desk calls — although we did see a bit of BitTorrent blocking that seemed to go unnoticed.

After the in-line test was over, we pulled the IPS out and used Mu Dynamics’ Mu-4000 Service Analyzer to test it. For this testing, we focused on published vulnerability attacks. We broke up our testing into two parts: client to server, and server to client. IPSes generally protect either users or servers. For users, the IPS is programmed to protect users who are browsing the Internet or downloading files and thus are susceptible to certain types of attacks focused on client applications, such as Web browsers and PDF readers. For servers, the IPS is programmed to protect Web, e-mail and other types of servers against attacks initiated by malicious users.

We used the policy that Check Point had set up initially, and which we tuned over the four weeks of testing. Our policy was used to protect users and servers, but we tested these attacks separately with the Mu-4000. The Mu-4000 client profile had approximately 525 attacks, while the server profile had approximately 600. We counted an attack as “missed” if the IPS-1 let the attack through. Then we generated a percentage based on the number of attacks missed.
browsers, but these browsers often have logic flaws that allow these attacks,” Kotler says.

For vendor AirTight Networks, which makes WLAN intrusion-prevention systems, its focus is how some WLAN vendors may not be implementing the IEEE’s new 802.11w security standard correctly.

The 802.11w standard (Cisco calls it “management frame protection”) is supposed to make WLANs resistant to denial-of-service (DoS) attacks. But AirTight will show how it’s possible with some implementations of 802.11w in vendor equipment to conjure up an attack that hits WLAN access points with malformed packets, not bringing them down but triggering a disconnection response in their WLAN clients.

“This attack involves a special packet which has the effect of disconnecting the endpoint,” says Pravin Bhagwat, CTO at AirTight, which dubs this the “autoimmunity disorder in WLANs.”

The WLAN DoS attack, which involves tampering with the media access control address at Layer 7 by sending a continuous stream of injected packets at 30-second intervals, basically results in the WLAN access point being exploited as the vector for disabling WLAN endpoints.

Some of the WLAN equipment that will be shown to be vulnerable to this attack includes that of D-Link, Cisco, Buffalo Technology and open source Madwifi. Either these vendors aren’t implementing 802.11w correctly or the standard needs to be improved to prevent the “autoimmune disorder” in WLANs, according to AirTight.

All about the rootkit

Cisco gear will also get pounded in another session with Core Security Technologies, which is expected to show how it’s possible to install a rootkit on the Cisco IOS. A rootkit is code designed to hide from detection so someone can control processes without being noticed.

“This does assume you have access to the Cisco device because you are the administrator or somehow broke in,” says Ivan Arce, CTO at Core Security.

The Cisco IOS rootkit would give an attacker the ability to do things such as change how traffic passes through a Cisco device. “People don’t understand it’s possible to have a rootkit on IOS,” Arce says, adding that Cisco is aware of the research and earlier this year issued an advisory on it.

Rootkits will be a hot topic at Black Hat as some of the world’s foremost researchers on the subject reveal new discoveries they’ve made about subverting software.

Researcher Joanna Rutkowska, whose devastating insights into Microsoft software and rootkits impressed Black Hat audiences in the past, is expected to take on the Xen hypervisor with help from colleagues. But it doesn’t stop there.

Google Gadgets, those small Web applications that let users customize Web pages, will be in for the Black Hat treatment, too.

“The current architecture in the security model around Google Gadgets is highly insecure,” says Tom Stracener, senior security analyst at Cenzic. The Web application security assessment provider says it will prove how it’s possible for Google Gadgets to take control over one another and steal information from each other.

Still, Black Hat isn’t all about deconstructing security. Some experts will show how to take preventative measures to shore up perceived vulnerabilities.

When Princeton University researchers earlier this year showed how it’s possible for an attacker to swipe cryptographic keys off a computer through the cold boot technique, it sparked a debate over the safety of stored encryption keys and how they could be grabbed in memory when a machine is being turned off, particularly if subjected to cold temperatures.

“Information can take minutes or even hours to fade out on a computer,” says BitArmor CEO Patrick McGregor. “There can be small pieces of information floating around.” The Princeton University research generated a lot of concern that “full-disk encryption was useless.”

But while the cold boot attack method is not particularly difficult to accomplish — “you could plug a USB drive into a laptop” to carry it out, McGregor says — the situation isn’t as dire as some think. BitArmor claims to have a few basic defenses, including leveraging temperature sensors in Dell and HP computers, and a way to design a “secure enclave to protect full-disk encryption keys.”

BitArmor says it uses these techniques effectively in its own products today and will share what they are at Black Hat.

In another talk, entitled “The Internet is Broken,” NGS Software will demonstrate how it says an attacker could steal online credentials from users of Facebook or eBay by placing malicious image files on the site. The idea is to upload to a popular Web site a so-called GIFAR file (a combination of a Graphics Interchange Format file and a JAR, Java Archive, file) that looks exactly like a .gif file. However, a browser’s virtual machine would open it as a Java Archive file and run it as an applet, giving the attacker a chance to run Java code in the victim’s browser. NGS Software says the GIFAR attack could be thwarted if Web sites improve their filtering tools to spot the hybrid files.
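One way an upload filter could spot such a hybrid file, as an added example that is not part of the original article or of NGS Software’s work: a JAR is a ZIP archive, so the check treats a file as suspect when it carries a GIF header yet also parses as a ZIP. The 1x1 GIF bytes and the ZIP-appended test fixture are constructed here for testing; the fixture holds only a text entry, nothing executable.

```python
"""Upload-filter check for GIF/JAR hybrid files (added example, not the
article's or NGS Software's code). A JAR is a ZIP archive, so a file that
both starts with a GIF header and parses as a ZIP is the kind of hybrid
the article says Web sites should filter out."""
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
ZIP_EOCD_SIGNATURE = b"PK\x05\x06"   # ZIP end-of-central-directory record
ZIP_MAX_TAIL = 22 + 65535            # EOCD record plus the largest archive comment

# Constructed sample: a valid 1x1 transparent GIF89a (43 bytes).
PLAIN_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b"\x21\xf9\x04\x01\x00\x00\x00\x00"
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b"
)


def looks_like_gif(data: bytes) -> bool:
    """Header check only; this is all a naive image filter relies on."""
    return data[:6] in GIF_MAGICS


def has_zip_tail(data: bytes) -> bool:
    """Cheap triage: a ZIP reader locates the archive from its EOCD record,
    which must sit within the last ~64 KB. Image data could contain these
    four bytes by chance, so the parser below has the final say."""
    return ZIP_EOCD_SIGNATURE in data[-ZIP_MAX_TAIL:]


def parses_as_zip(data: bytes) -> bool:
    """Authoritative check: let the ZIP parser decide, the same way a Java
    runtime would when handed the bytes as an archive."""
    return zipfile.is_zipfile(io.BytesIO(data))


def is_gif_zip_hybrid(data: bytes) -> bool:
    return looks_like_gif(data) and has_zip_tail(data) and parses_as_zip(data)


def classify_upload(data: bytes) -> str:
    """Decision an upload handler can act on: only a file that is a GIF
    and nothing else is accepted."""
    if not looks_like_gif(data):
        return "reject: not a GIF"
    if is_gif_zip_hybrid(data):
        return "reject: GIF also parses as a ZIP/JAR archive"
    return "accept"


def build_hybrid_fixture(gif: bytes) -> bytes:
    """Constructed test fixture: the GIF followed by a tiny ZIP archive
    holding one text entry (no class files or manifest, so nothing is
    executable). Exists only so the detector can be exercised offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "harmless test entry")
    return gif + buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("plain gif", PLAIN_GIF),
                        ("hybrid fixture", build_hybrid_fixture(PLAIN_GIF)),
                        ("text file", b"hello")):
        print(f"{label}: {classify_upload(blob)}")
```

Re-encoding every accepted image through an image library before serving it is the stronger mitigation, since it discards any trailing bytes the decoder does not understand.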

IDG News correspondent Robert MacMillan contributed to this report.


Network World, 492 Old Connecticut Path, Framingham, MA 01701-9002, (508) 766-5301.

Periodical postage paid at Framingham, Mass., and additional mailing offices. Posted under Canadian International Publication agreement #PM40063731. Network World (ISSN 0887-7661) is published weekly, except for combined issues for the first two weeks of July and the last two weeks in December, by Network World, Inc., 492 Old Connecticut Path, Framingham, MA 01701-9002.

Network World is distributed free of charge in the U.S. to qualified management or professionals.

To apply for a free subscription, go to www.subscribenw.com or write Network World at the address below. No subscriptions accepted without complete identification of subscriber's name, job function, company or organization. Based on the information supplied, the publisher reserves the right to reject non-qualified requests. Subscriptions: 1-508-820-8117.

Nonqualified subscribers: $5.00 a copy; U.S. - $129 a year; Canada - $160.50 (including 7% GST, GST#126659952); Central & South America - $150 a year (surface mail); all other countries - $300 a year (airmail service). Four weeks notice is required for change of address. Allow six weeks for new subscription service to begin. Please include mailing label from front cover of the publication.

Network World can be purchased on 35mm microfilm through University Microfilm Int., Periodical Entry Dept., 300 Zeeb Road, Ann Arbor, Mich. 48106.

PHOTOCOPYRIGHTS: Permission to photocopy for internal or personal use or the internal or personal use of specific clients is granted by Network World, Inc. for libraries and other users registered with the Copyright Clearance Center (CCC), provided that the base fee of $3.00 per copy of the article, plus 50 cents per page, is paid to Copyright Clearance Center, 27 Congress Street, Salem, Mass. 01970.

POSTMASTER: Send Change of Address to Network World, P.O. Box 3090, Northbrook, IL 60065. Canadian Postmaster: Please return undeliverable copy to PO Box 1632, Windsor, Ontario N9A 7C9.

Copyright 2008 by Network World, Inc. All rights reserved. Reproduction of material appearing in Network World is forbidden without written permission.

Reprints (minimum 500 copies) and permission to reprint may be purchased from Reprint Management Services at (717) 399-1900 x128 or networkworld@reprintbuyer.com.

USPS 735-730

44 • AUGUST 4, 2008 • www.networkworld.com




International Data Group
Chairman of the Board, Patrick J. McGovern

IDG Communications, Inc.
CEO, Bob Carrigan

Network World is a publication of IDG, the world's largest publisher of computer-related information and the leading global provider of information services on information technology. IDG publishes over 300 computer publications in 85 countries. One hundred million people read one or more IDG publications each month. Network World contributes to the IDG News Service, offering the latest on domestic and international computer news.

Publicize your press coverage in Network World by ordering reprints of your editorial mentions. Reprints make great marketing materials and are available in quantities of 500 and up. To order, contact Reprint Management Services at (717) 399-1900 x128 or e-mail: networkworld@reprintbuyer.com.


Network World Events and Executive Forums produces events including IT Roadmap [...]. For information on our current event offerings, call us at 800-643-4668 or go to www.networkworld.com/events.



www.networkworld.com • AUGUST 4, 2008 • 45


UCE, shouting into thunder

Mark Gibbs


By and large we have all gotten used to spam and unsolicited commercial e-mail (UCE). Even if you buy or build the best filters, if you are at all active online you’re going to get at least a few spam messages every day. It has become one of those things that you can’t avoid, like death and taxes only more irritating.

The other day I got UCE from Paradise Chevrolet in Ventura, Calif., a car dealer I had recently visited to have my wife’s truck serviced. I called the sales guy named in the UCE and asked why they were spamming me. He pointed out I was a customer and the CAN SPAM Act allows for a company you’ve done business with to send you UCE.

I’d forgotten that loophole but I pointed out that, while this may be true, if they ever wanted to do business with me again they needed to take me off their list. I also left a voice mail for the manager and you would have thought he’d reply, but apparently I’m not important enough to call back. I guess they don’t want my business.

Why do I bother? I hate to think that I’m “shouting into thunder,” but if we were to all sit back and just let this kind of behavior become the normal way business is done then what more egregious behaviors would we be opening the door to? For example, if there hadn’t been a public outcry we would never have the CAN SPAM Act at all, and while the act has done little to reduce spam in general it has at least nailed several of the biggest and worst offenders.

What I find particularly annoying is the number of IT companies that are using UCE. I just got such a pitch from “Christian” though the e-mail address was really from freedesign@headwebmaster.com. The message, addressed to backspin@gibbs.com, read: “I found this guy on craiglist and wanted to forward it to you. Hes [stet] doing free web site designs. Logo, layouts, everything for free. Like web design students or something. Anyways I got mine done for free finished in 2 days. Just email freedesign@headwebmaster.com and tell James you would like a free web design. Its up to ten pages for your site and the work is excellent. PS. i [stet] hope you didnt [stet] pay for it yet.”

Of course I looked up headwebmaster.com and called. Lo and behold James answered the phone, though he was cagey about who he was for the first few exchanges. Anyway, according to James, the company really is giving away free Web site designs (from the look of the templates displayed, you’ll get what you pay for). I quite nicely asked whether their misleading message that pretended to be misaddressed was paying off, but James got defensive and finally hung up on me saying he was in the process of eating lunch. Sad.

Now let’s see: The message had no opt-out, had no physical street address and was misleading. It basically violated the CAN SPAM Act in at least three ways. Who is so desperate or devious that they’d use such pathetic techniques to drum up business?

Here’s the thing: Send me one CAN-SPAM-compliant pitch offering your goods and/or services, and if I don’t respond then assume I’m not interested and don’t bother me again. But subscribe me to your wretched newsletter or send me intentionally misleading UCE that shows that you harvested e-mail addresses from the Network World Web site and I will start dreaming of you burning in hell.

We all need to make an effort to let companies, particularly those in the IT business, know that we won’t tolerate bad behavior. Or am I just shouting into thunder?

Gibbs has dark, angry dreams in Ventura, Calif. Your nightmares to backspin@gibbs.com. Unless they are UCE.


About that Verizon/pit-bull blog post


It seems I need to make an apology . . . OK, make that two apologies. First, I need to apologize to Buzzblog readers for writing recently that Verizon deserved praise for standing up to animal rights activists who found offensive the company’s new commercial for its LG Dare cell phone. That spot featured a pair of chained [...] junkyard [...] pit bulls, to be exact.

Praise? What could I have been thinking?

How could I have been so blind as to not foresee the inevitable: Verizon would surrender before the pixels on that post were dry. Following a torrent of complaints from pit bull lovers and the ASPCA, the commercial — which commits no greater sin than depicting junkyard dogs as junkyard dogs — has disappeared from television.

“The commercial was always part of a series and it is no longer in the rotation,” a Verizon spokeswoman tells me. (Translation: They caved.)

I’m sorry, Buzzblog readers. You have a right to expect better from me than to expect better from Verizon . . . especially given the fact that I’ve made something of a journalistic fetish of chronicling Verizon foibles.

My second apology goes out to the animal-rights activists. Again, I have no explanation for my lapse in judgment. After all, I have been writing, editing and/or managing opinion sections of news publications for the bulk of my 30 years as a journalist and if I’ve said it a thousand times, well, that’s 7,000 in dog times: No group of advocates — not the National Rifle Association, not MoveOn.org, not Rush Limbaugh’s legions, not the NAACP, not even those who oppose abortion rights, can muster more volume, vehemence and persistence of protest than can the animal-rights lobby.

As protesters go, you might call them junkyard dogs. So, for me to think for even one moment that these folks would be incapable of breaking the will of a bottom-line conscious corporation, well, I can understand why they might find my lack of faith offensive.

I am truly sorry, animal rights activists. Never again will I underestimate your might.

Finally there is a third party deserving of an apology in this episode, but I am not in a good position to offer it given that I have been on occasion (in the view of some) a member of the aggrieved class.

In addition to the pair of pit bulls, there was a third central character in that now-banished junkyard dog commercial. A young man — twentysomething, shaggy hair, in need of a shave — scales the junkyard’s chain-link fence and sprints toward the animals despite the fact that they are giving off every intention of having him for lunch. Nevertheless, he snatches the LG Dare phone right out from under their noses, after which we get Verizon’s message: “Dare to touch it.”

Stupid white males — Madison Avenue’s all-purpose, risk-free punching bags — take another one on the chin. Don’t hold your breath waiting for anyone to apologize.

Meanwhile, Verizon doesn’t understand fire

A couple’s house burns virtually to the ground (they’re the in-laws of Network World columnist James Gaskin). They ask Verizon to transfer their phone number to their temporary quarters during the rebuilding. No can do, Verizon says, but they can have the number forwarded to the temporary phone as long as the request is made by the couple from a phone in the house . . . that . . . burned . . . to . . . the . . . ground.

You can read more about this head-scratcher at www.nwdocfinder.com/6040.

You can forward your own tales of woe to me here at buzz@nww.com.
DNS CHANGE MAKERS


Mastering DNS has always been challenging - some would say it’s as much art as science. And while I’m thrilled that DNS plays a key role in essentially all network applications, I’m concerned by current trends. We’re now seeing more frequent attacks against DNS infrastructure. Recently, for example, we saw a spate of what are referred to as “DNS amplification” attacks in which open recursive name servers are used as amplifiers to swamp targets on the Internet. Turns out that name servers are terrific amplifiers - you can get an amplification factor of nearly 100x. These attacks have raised awareness of the vulnerability of Internet name servers, which is possibly the only positive result.


DNSstuff.com

WHEN GOOD ISN’T GOOD ENOUGH.

Dealing with DNS issues is becoming a full time job for organizations. My company, Infoblox, provides leading edge products to help IT managers better handle their DNS network management challenges.

When I need an answer fast, I go to a source I trust - DNSstuff.com. Comprehensive troubleshooting and problem solving tools in one place. That's powerful.

Think all DNS tools are the same?

Think again.

Cricket Liu, DNS guru, author & VP of Architecture, Infoblox